Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/pillow@2.5.0
Typepypi
Namespace
Namepillow
Version2.5.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version12.1.1
Latest_non_vulnerable_version12.2.0
Affected_by_vulnerabilities
0
url VCID-19e1-19hk-duet
vulnerability_id VCID-19e1-19hk-duet
summary Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-45198
reference_id
reference_type
scores
0
value 0.0028
scoring_system epss
scoring_elements 0.5136
published_at 2026-04-04T12:55:00Z
1
value 0.0028
scoring_system epss
scoring_elements 0.5141
published_at 2026-04-21T12:55:00Z
2
value 0.0028
scoring_system epss
scoring_elements 0.5143
published_at 2026-04-18T12:55:00Z
3
value 0.0028
scoring_system epss
scoring_elements 0.51422
published_at 2026-04-16T12:55:00Z
4
value 0.0028
scoring_system epss
scoring_elements 0.51379
published_at 2026-04-13T12:55:00Z
5
value 0.0028
scoring_system epss
scoring_elements 0.51393
published_at 2026-04-12T12:55:00Z
6
value 0.0028
scoring_system epss
scoring_elements 0.51414
published_at 2026-04-11T12:55:00Z
7
value 0.0028
scoring_system epss
scoring_elements 0.51371
published_at 2026-04-09T12:55:00Z
8
value 0.0028
scoring_system epss
scoring_elements 0.51373
published_at 2026-04-08T12:55:00Z
9
value 0.0028
scoring_system epss
scoring_elements 0.51319
published_at 2026-04-07T12:55:00Z
10
value 0.00297
scoring_system epss
scoring_elements 0.53076
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-45198
1
reference_url https://bugs.gentoo.org/855683
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.gentoo.org/855683
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45198
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45198
3
reference_url https://cwe.mitre.org/data/definitions/409.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwe.mitre.org/data/definitions/409.html
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-42979.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-42979.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4
8
reference_url https://github.com/python-pillow/Pillow/pull/6402
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/6402
9
reference_url https://github.com/python-pillow/Pillow/pull/6402/commits/c9f1b35e981075110a23487a8d4a6cbb59a588ea
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/6402/commits/c9f1b35e981075110a23487a8d4a6cbb59a588ea
10
reference_url https://github.com/python-pillow/Pillow/releases/tag/9.2.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/releases/tag/9.2.0
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-45198
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-45198
12
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202211-10
13
reference_url https://github.com/advisories/GHSA-m2vv-5vj5-2hm7
reference_id GHSA-m2vv-5vj5-2hm7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m2vv-5vj5-2hm7
14
reference_url https://usn.ubuntu.com/5777-1/
reference_id USN-5777-1
reference_type
scores
url https://usn.ubuntu.com/5777-1/
15
reference_url https://usn.ubuntu.com/USN-5777-2/
reference_id USN-USN-5777-2
reference_type
scores
url https://usn.ubuntu.com/USN-5777-2/
fixed_packages
0
url pkg:pypi/pillow@9.2.0
purl pkg:pypi/pillow@9.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4n96-uzyf-tud6
1
vulnerability VCID-5rv4-k1q9-zue2
2
vulnerability VCID-64n5-pugj-vue8
3
vulnerability VCID-9ckw-ra54-z3b7
4
vulnerability VCID-d7uf-zdbv-sba1
5
vulnerability VCID-n1hp-atex-ubh4
6
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.2.0
aliases BIT-pillow-2022-45198, CVE-2022-45198, GHSA-m2vv-5vj5-2hm7, PYSEC-2022-42979
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-19e1-19hk-duet
1
url VCID-1vt7-c6e3-7qc8
vulnerability_id VCID-1vt7-c6e3-7qc8
summary The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23437.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23437.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-23437
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45314
published_at 2026-04-01T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.45402
published_at 2026-04-21T12:55:00Z
2
value 0.00226
scoring_system epss
scoring_elements 0.45452
published_at 2026-04-18T12:55:00Z
3
value 0.00226
scoring_system epss
scoring_elements 0.45456
published_at 2026-04-16T12:55:00Z
4
value 0.00226
scoring_system epss
scoring_elements 0.45405
published_at 2026-04-13T12:55:00Z
5
value 0.00226
scoring_system epss
scoring_elements 0.45404
published_at 2026-04-12T12:55:00Z
6
value 0.00226
scoring_system epss
scoring_elements 0.45434
published_at 2026-04-11T12:55:00Z
7
value 0.00226
scoring_system epss
scoring_elements 0.45412
published_at 2026-04-09T12:55:00Z
8
value 0.00226
scoring_system epss
scoring_elements 0.45357
published_at 2026-04-07T12:55:00Z
9
value 0.00226
scoring_system epss
scoring_elements 0.45414
published_at 2026-04-04T12:55:00Z
10
value 0.00226
scoring_system epss
scoring_elements 0.45394
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-23437
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-98vv-pw6r-q6q4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-98vv-pw6r-q6q4
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-317.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-317.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b
8
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html
14
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202211-10
15
reference_url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2001907
reference_id 2001907
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2001907
17
reference_url https://security.archlinux.org/AVG-2366
reference_id AVG-2366
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2366
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23437
reference_id CVE-2021-23437
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-23437
19
reference_url https://usn.ubuntu.com/5227-1/
reference_id USN-5227-1
reference_type
scores
url https://usn.ubuntu.com/5227-1/
20
reference_url https://usn.ubuntu.com/5227-2/
reference_id USN-5227-2
reference_type
scores
url https://usn.ubuntu.com/5227-2/
fixed_packages
0
url pkg:pypi/pillow@8.3.2
purl pkg:pypi/pillow@8.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-5rv4-k1q9-zue2
2
vulnerability VCID-64n5-pugj-vue8
3
vulnerability VCID-9ckw-ra54-z3b7
4
vulnerability VCID-brp2-dtrf-jyfr
5
vulnerability VCID-d7uf-zdbv-sba1
6
vulnerability VCID-df4x-jt3h-17hx
7
vulnerability VCID-dpc3-td9q-dyee
8
vulnerability VCID-g46h-p8jk-cuhc
9
vulnerability VCID-n1hp-atex-ubh4
10
vulnerability VCID-q4bb-qnxe-8bfa
11
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.3.2
aliases BIT-pillow-2021-23437, CVE-2021-23437, GHSA-98vv-pw6r-q6q4, PYSEC-2021-317, SNYK-PYTHON-PILLOW-1319443
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1vt7-c6e3-7qc8
2
url VCID-366h-8f99-r7at
vulnerability_id VCID-366h-8f99-r7at
summary Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0775.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0775.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-0775
reference_id
reference_type
scores
0
value 0.01069
scoring_system epss
scoring_elements 0.77681
published_at 2026-04-07T12:55:00Z
1
value 0.01069
scoring_system epss
scoring_elements 0.77664
published_at 2026-04-01T12:55:00Z
2
value 0.01069
scoring_system epss
scoring_elements 0.77754
published_at 2026-04-21T12:55:00Z
3
value 0.01069
scoring_system epss
scoring_elements 0.7776
published_at 2026-04-18T12:55:00Z
4
value 0.01069
scoring_system epss
scoring_elements 0.77761
published_at 2026-04-16T12:55:00Z
5
value 0.01069
scoring_system epss
scoring_elements 0.77724
published_at 2026-04-13T12:55:00Z
6
value 0.01069
scoring_system epss
scoring_elements 0.7774
published_at 2026-04-11T12:55:00Z
7
value 0.01069
scoring_system epss
scoring_elements 0.77714
published_at 2026-04-09T12:55:00Z
8
value 0.01069
scoring_system epss
scoring_elements 0.77709
published_at 2026-04-08T12:55:00Z
9
value 0.01069
scoring_system epss
scoring_elements 0.77671
published_at 2026-04-02T12:55:00Z
10
value 0.01069
scoring_system epss
scoring_elements 0.77698
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-0775
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0740
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0740
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0775
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0775
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2533
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2533
5
reference_url https://github.com/advisories/GHSA-8xjv-v9xq-m5h9
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8xjv-v9xq-m5h9
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-6.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-6.yaml
7
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
8
reference_url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
9
reference_url https://github.com/python-pillow/Pillow/commit/893a40850c2d5da41537958e40569c029a6e127b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/893a40850c2d5da41537958e40569c029a6e127b
10
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-52
11
reference_url http://www.debian.org/security/2016/dsa-3499
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3499
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1301621
reference_id 1301621
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1301621
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813909
reference_id 813909
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813909
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-0775
reference_id CVE-2016-0775
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
3
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-0775
18
reference_url https://usn.ubuntu.com/3080-1/
reference_id USN-3080-1
reference_type
scores
url https://usn.ubuntu.com/3080-1/
19
reference_url https://usn.ubuntu.com/3090-1/
reference_id USN-3090-1
reference_type
scores
url https://usn.ubuntu.com/3090-1/
fixed_packages
0
url pkg:pypi/pillow@3.1.1
purl pkg:pypi/pillow@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-6gyu-fzpg-c3bn
8
vulnerability VCID-8n2b-wvya-53e1
9
vulnerability VCID-9ckw-ra54-z3b7
10
vulnerability VCID-and9-6jty-pyeq
11
vulnerability VCID-aubw-tsmn-ffcq
12
vulnerability VCID-b3au-rcgp-2fag
13
vulnerability VCID-b5a2-83ej-puaw
14
vulnerability VCID-brp2-dtrf-jyfr
15
vulnerability VCID-cas2-jb3y-vyhz
16
vulnerability VCID-d7uf-zdbv-sba1
17
vulnerability VCID-df4x-jt3h-17hx
18
vulnerability VCID-dpc3-td9q-dyee
19
vulnerability VCID-e3gp-zc2b-budg
20
vulnerability VCID-en6t-uxtq-bfek
21
vulnerability VCID-g46h-p8jk-cuhc
22
vulnerability VCID-gvjw-funa-sqak
23
vulnerability VCID-h4x7-7fke-mqgp
24
vulnerability VCID-haum-8zpg-6kgf
25
vulnerability VCID-hmmq-5772-bycm
26
vulnerability VCID-khp6-9hfx-1kge
27
vulnerability VCID-m3tm-h4q9-9yay
28
vulnerability VCID-n1hp-atex-ubh4
29
vulnerability VCID-n1w5-f5p7-xuhb
30
vulnerability VCID-p6r3-puh1-zyg6
31
vulnerability VCID-q4bb-qnxe-8bfa
32
vulnerability VCID-rncf-9nf8-wud3
33
vulnerability VCID-sns1-ksqr-vbhr
34
vulnerability VCID-stft-hsk9-zfdy
35
vulnerability VCID-u1en-t8ux-uube
36
vulnerability VCID-ue18-zzau-x7hy
37
vulnerability VCID-uf5t-asns-tudp
38
vulnerability VCID-vdzj-kqfy-d3b7
39
vulnerability VCID-vwbu-ruxm-tbh4
40
vulnerability VCID-vxh1-8rvt-kkak
41
vulnerability VCID-vyzt-df2u-h3cc
42
vulnerability VCID-w9uy-fnpm-cbak
43
vulnerability VCID-x15z-dejc-9ba6
44
vulnerability VCID-xesd-d294-7fcx
45
vulnerability VCID-xk66-1d31-2qbk
46
vulnerability VCID-yccg-zw89-vqff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.1.1
aliases CVE-2016-0775, GHSA-8xjv-v9xq-m5h9, PYSEC-2016-6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-366h-8f99-r7at
3
url VCID-3qb5-8p8w-gkad
vulnerability_id VCID-3qb5-8p8w-gkad
summary Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27921.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27921.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27921
reference_id
reference_type
scores
0
value 0.00419
scoring_system epss
scoring_elements 0.61759
published_at 2026-04-01T12:55:00Z
1
value 0.00419
scoring_system epss
scoring_elements 0.61937
published_at 2026-04-18T12:55:00Z
2
value 0.00419
scoring_system epss
scoring_elements 0.61933
published_at 2026-04-16T12:55:00Z
3
value 0.00419
scoring_system epss
scoring_elements 0.61889
published_at 2026-04-13T12:55:00Z
4
value 0.00419
scoring_system epss
scoring_elements 0.61909
published_at 2026-04-12T12:55:00Z
5
value 0.00419
scoring_system epss
scoring_elements 0.61921
published_at 2026-04-11T12:55:00Z
6
value 0.00419
scoring_system epss
scoring_elements 0.619
published_at 2026-04-09T12:55:00Z
7
value 0.00419
scoring_system epss
scoring_elements 0.61885
published_at 2026-04-08T12:55:00Z
8
value 0.00419
scoring_system epss
scoring_elements 0.61835
published_at 2026-04-07T12:55:00Z
9
value 0.00419
scoring_system epss
scoring_elements 0.61864
published_at 2026-04-04T12:55:00Z
10
value 0.00419
scoring_system epss
scoring_elements 0.61833
published_at 2026-04-02T12:55:00Z
11
value 0.00425
scoring_system epss
scoring_elements 0.62258
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27921
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27921
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27921
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-f4w8-cv6p-x6r5
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f4w8-cv6p-x6r5
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-40.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-40.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27921
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27921
18
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
19
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
20
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1935384
reference_id 1935384
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1935384
22
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
23
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
24
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
25
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-9ckw-ra54-z3b7
8
vulnerability VCID-aubw-tsmn-ffcq
9
vulnerability VCID-brp2-dtrf-jyfr
10
vulnerability VCID-d7uf-zdbv-sba1
11
vulnerability VCID-df4x-jt3h-17hx
12
vulnerability VCID-dpc3-td9q-dyee
13
vulnerability VCID-g46h-p8jk-cuhc
14
vulnerability VCID-gvjw-funa-sqak
15
vulnerability VCID-n1hp-atex-ubh4
16
vulnerability VCID-n1w5-f5p7-xuhb
17
vulnerability VCID-q4bb-qnxe-8bfa
18
vulnerability VCID-ue18-zzau-x7hy
19
vulnerability VCID-vdzj-kqfy-d3b7
20
vulnerability VCID-vwbu-ruxm-tbh4
21
vulnerability VCID-vyzt-df2u-h3cc
22
vulnerability VCID-w9uy-fnpm-cbak
23
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
1
url pkg:pypi/pillow@8.1.2
purl pkg:pypi/pillow@8.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3uk9-eds5-rkgc
3
vulnerability VCID-5rv4-k1q9-zue2
4
vulnerability VCID-64n5-pugj-vue8
5
vulnerability VCID-9ckw-ra54-z3b7
6
vulnerability VCID-aubw-tsmn-ffcq
7
vulnerability VCID-brp2-dtrf-jyfr
8
vulnerability VCID-d7uf-zdbv-sba1
9
vulnerability VCID-df4x-jt3h-17hx
10
vulnerability VCID-dpc3-td9q-dyee
11
vulnerability VCID-g46h-p8jk-cuhc
12
vulnerability VCID-n1hp-atex-ubh4
13
vulnerability VCID-n1w5-f5p7-xuhb
14
vulnerability VCID-q4bb-qnxe-8bfa
15
vulnerability VCID-ue18-zzau-x7hy
16
vulnerability VCID-vdzj-kqfy-d3b7
17
vulnerability VCID-vwbu-ruxm-tbh4
18
vulnerability VCID-vyzt-df2u-h3cc
19
vulnerability VCID-w9uy-fnpm-cbak
20
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2
aliases BIT-pillow-2021-27921, CVE-2021-27921, GHSA-f4w8-cv6p-x6r5, PYSEC-2021-40
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3qb5-8p8w-gkad
4
url VCID-3uk9-eds5-rkgc
vulnerability_id VCID-3uk9-eds5-rkgc
summary An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28675.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28675.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28675
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.30183
published_at 2026-04-01T12:55:00Z
1
value 0.00115
scoring_system epss
scoring_elements 0.3008
published_at 2026-04-18T12:55:00Z
2
value 0.00115
scoring_system epss
scoring_elements 0.301
published_at 2026-04-16T12:55:00Z
3
value 0.00115
scoring_system epss
scoring_elements 0.30086
published_at 2026-04-13T12:55:00Z
4
value 0.00115
scoring_system epss
scoring_elements 0.30135
published_at 2026-04-12T12:55:00Z
5
value 0.00115
scoring_system epss
scoring_elements 0.30179
published_at 2026-04-11T12:55:00Z
6
value 0.00115
scoring_system epss
scoring_elements 0.30176
published_at 2026-04-09T12:55:00Z
7
value 0.00115
scoring_system epss
scoring_elements 0.3014
published_at 2026-04-08T12:55:00Z
8
value 0.00115
scoring_system epss
scoring_elements 0.30081
published_at 2026-04-07T12:55:00Z
9
value 0.00115
scoring_system epss
scoring_elements 0.30263
published_at 2026-04-04T12:55:00Z
10
value 0.00115
scoring_system epss
scoring_elements 0.30214
published_at 2026-04-02T12:55:00Z
11
value 0.00148
scoring_system epss
scoring_elements 0.35257
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28675
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-g6rj-rv7j-xwp4
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-g6rj-rv7j-xwp4
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-139.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-139.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/pull/5377/commits/22e9bee4ef225c0edbb9323f94c26cee0c623497
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5377/commits/22e9bee4ef225c0edbb9323f94c26cee0c623497
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28675
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28675
11
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
12
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1958240
reference_id 1958240
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1958240
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
reference_id 989062
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
15
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
16
reference_url https://usn.ubuntu.com/4963-1/
reference_id USN-4963-1
reference_type
scores
url https://usn.ubuntu.com/4963-1/
17
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-5rv4-k1q9-zue2
3
vulnerability VCID-64n5-pugj-vue8
4
vulnerability VCID-9ckw-ra54-z3b7
5
vulnerability VCID-brp2-dtrf-jyfr
6
vulnerability VCID-d7uf-zdbv-sba1
7
vulnerability VCID-df4x-jt3h-17hx
8
vulnerability VCID-dpc3-td9q-dyee
9
vulnerability VCID-g46h-p8jk-cuhc
10
vulnerability VCID-n1hp-atex-ubh4
11
vulnerability VCID-q4bb-qnxe-8bfa
12
vulnerability VCID-vdzj-kqfy-d3b7
13
vulnerability VCID-w9uy-fnpm-cbak
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases BIT-pillow-2021-28675, CVE-2021-28675, GHSA-g6rj-rv7j-xwp4, PYSEC-2021-139
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3uk9-eds5-rkgc
5
url VCID-53ac-ceq4-qkhf
vulnerability_id VCID-53ac-ceq4-qkhf
summary Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27922.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27922.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27922
reference_id
reference_type
scores
0
value 0.00145
scoring_system epss
scoring_elements 0.34909
published_at 2026-04-02T12:55:00Z
1
value 0.00145
scoring_system epss
scoring_elements 0.34859
published_at 2026-04-08T12:55:00Z
2
value 0.00145
scoring_system epss
scoring_elements 0.34701
published_at 2026-04-01T12:55:00Z
3
value 0.00145
scoring_system epss
scoring_elements 0.34814
published_at 2026-04-07T12:55:00Z
4
value 0.00145
scoring_system epss
scoring_elements 0.34936
published_at 2026-04-04T12:55:00Z
5
value 0.00145
scoring_system epss
scoring_elements 0.34853
published_at 2026-04-18T12:55:00Z
6
value 0.00145
scoring_system epss
scoring_elements 0.34869
published_at 2026-04-16T12:55:00Z
7
value 0.00145
scoring_system epss
scoring_elements 0.3483
published_at 2026-04-13T12:55:00Z
8
value 0.00145
scoring_system epss
scoring_elements 0.34854
published_at 2026-04-12T12:55:00Z
9
value 0.00145
scoring_system epss
scoring_elements 0.34891
published_at 2026-04-11T12:55:00Z
10
value 0.00145
scoring_system epss
scoring_elements 0.34887
published_at 2026-04-09T12:55:00Z
11
value 0.00315
scoring_system epss
scoring_elements 0.54591
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27922
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27922
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27922
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-3wvg-mj6g-m9cv
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3wvg-mj6g-m9cv
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-41.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-41.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27922
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27922
18
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
19
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
20
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1935396
reference_id 1935396
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1935396
22
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
23
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
24
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
25
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-9ckw-ra54-z3b7
8
vulnerability VCID-aubw-tsmn-ffcq
9
vulnerability VCID-brp2-dtrf-jyfr
10
vulnerability VCID-d7uf-zdbv-sba1
11
vulnerability VCID-df4x-jt3h-17hx
12
vulnerability VCID-dpc3-td9q-dyee
13
vulnerability VCID-g46h-p8jk-cuhc
14
vulnerability VCID-gvjw-funa-sqak
15
vulnerability VCID-n1hp-atex-ubh4
16
vulnerability VCID-n1w5-f5p7-xuhb
17
vulnerability VCID-q4bb-qnxe-8bfa
18
vulnerability VCID-ue18-zzau-x7hy
19
vulnerability VCID-vdzj-kqfy-d3b7
20
vulnerability VCID-vwbu-ruxm-tbh4
21
vulnerability VCID-vyzt-df2u-h3cc
22
vulnerability VCID-w9uy-fnpm-cbak
23
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
1
url pkg:pypi/pillow@8.1.2
purl pkg:pypi/pillow@8.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3uk9-eds5-rkgc
3
vulnerability VCID-5rv4-k1q9-zue2
4
vulnerability VCID-64n5-pugj-vue8
5
vulnerability VCID-9ckw-ra54-z3b7
6
vulnerability VCID-aubw-tsmn-ffcq
7
vulnerability VCID-brp2-dtrf-jyfr
8
vulnerability VCID-d7uf-zdbv-sba1
9
vulnerability VCID-df4x-jt3h-17hx
10
vulnerability VCID-dpc3-td9q-dyee
11
vulnerability VCID-g46h-p8jk-cuhc
12
vulnerability VCID-n1hp-atex-ubh4
13
vulnerability VCID-n1w5-f5p7-xuhb
14
vulnerability VCID-q4bb-qnxe-8bfa
15
vulnerability VCID-ue18-zzau-x7hy
16
vulnerability VCID-vdzj-kqfy-d3b7
17
vulnerability VCID-vwbu-ruxm-tbh4
18
vulnerability VCID-vyzt-df2u-h3cc
19
vulnerability VCID-w9uy-fnpm-cbak
20
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2
aliases BIT-pillow-2021-27922, CVE-2021-27922, GHSA-3wvg-mj6g-m9cv, PYSEC-2021-41
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-53ac-ceq4-qkhf
6
url VCID-5rv4-k1q9-zue2
vulnerability_id VCID-5rv4-k1q9-zue2
summary Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.
references
0
reference_url https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
reference_id
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5129
reference_id
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-5129
fixed_packages
0
url pkg:pypi/pillow@10.0.1
purl pkg:pypi/pillow@10.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-64n5-pugj-vue8
1
vulnerability VCID-9ckw-ra54-z3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.1
aliases PYSEC-2023-175
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5rv4-k1q9-zue2
7
url VCID-64n5-pugj-vue8
vulnerability_id VCID-64n5-pugj-vue8
summary 
Pillow buffer overflow vulnerability
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28219.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28219.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28219
reference_id
reference_type
scores
0
value 0.00261
scoring_system epss
scoring_elements 0.49512
published_at 2026-04-21T12:55:00Z
1
value 0.00261
scoring_system epss
scoring_elements 0.49541
published_at 2026-04-18T12:55:00Z
2
value 0.00261
scoring_system epss
scoring_elements 0.49543
published_at 2026-04-16T12:55:00Z
3
value 0.00261
scoring_system epss
scoring_elements 0.49496
published_at 2026-04-13T12:55:00Z
4
value 0.00261
scoring_system epss
scoring_elements 0.49494
published_at 2026-04-12T12:55:00Z
5
value 0.00261
scoring_system epss
scoring_elements 0.49522
published_at 2026-04-11T12:55:00Z
6
value 0.00261
scoring_system epss
scoring_elements 0.49505
published_at 2026-04-09T12:55:00Z
7
value 0.00261
scoring_system epss
scoring_elements 0.49509
published_at 2026-04-08T12:55:00Z
8
value 0.00261
scoring_system epss
scoring_elements 0.49454
published_at 2026-04-07T12:55:00Z
9
value 0.00261
scoring_system epss
scoring_elements 0.49502
published_at 2026-04-04T12:55:00Z
10
value 0.00261
scoring_system epss
scoring_elements 0.49475
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28219
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061
8
reference_url https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:R
2
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-03T18:09:55Z/
url https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28219
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28219
11
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:R
1
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-03T18:09:55Z/
url https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2272563
reference_id 2272563
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2272563
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M/
reference_id 4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:R
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-03T18:09:55Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M/
14
reference_url https://github.com/advisories/GHSA-44wm-f244-xhp3
reference_id GHSA-44wm-f244-xhp3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-44wm-f244-xhp3
15
reference_url https://security.gentoo.org/glsa/202411-07
reference_id GLSA-202411-07
reference_type
scores
url https://security.gentoo.org/glsa/202411-07
16
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
17
reference_url https://access.redhat.com/errata/RHSA-2024:4227
reference_id RHSA-2024:4227
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4227
18
reference_url https://access.redhat.com/errata/RHSA-2024:5662
reference_id RHSA-2024:5662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5662
19
reference_url https://usn.ubuntu.com/6744-1/
reference_id USN-6744-1
reference_type
scores
url https://usn.ubuntu.com/6744-1/
20
reference_url https://usn.ubuntu.com/6744-2/
reference_id USN-6744-2
reference_type
scores
url https://usn.ubuntu.com/6744-2/
21
reference_url https://usn.ubuntu.com/6744-3/
reference_id USN-6744-3
reference_type
scores
url https://usn.ubuntu.com/6744-3/
fixed_packages
0
url pkg:pypi/pillow@10.3.0
purl pkg:pypi/pillow@10.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-67yw-ej31-8ub1
1
vulnerability VCID-ca8h-871t-t3dd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.3.0
aliases CVE-2024-28219, GHSA-44wm-f244-xhp3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-64n5-pugj-vue8
8
url VCID-6gyu-fzpg-c3bn
vulnerability_id VCID-6gyu-fzpg-c3bn
summary In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35654.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35654.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35654
reference_id
reference_type
scores
0
value 0.00199
scoring_system epss
scoring_elements 0.41993
published_at 2026-04-21T12:55:00Z
1
value 0.00199
scoring_system epss
scoring_elements 0.42089
published_at 2026-04-16T12:55:00Z
2
value 0.00199
scoring_system epss
scoring_elements 0.42038
published_at 2026-04-13T12:55:00Z
3
value 0.00199
scoring_system epss
scoring_elements 0.42063
published_at 2026-04-18T12:55:00Z
4
value 0.00199
scoring_system epss
scoring_elements 0.42101
published_at 2026-04-11T12:55:00Z
5
value 0.00199
scoring_system epss
scoring_elements 0.42078
published_at 2026-04-09T12:55:00Z
6
value 0.00199
scoring_system epss
scoring_elements 0.41988
published_at 2026-04-01T12:55:00Z
7
value 0.00199
scoring_system epss
scoring_elements 0.42066
published_at 2026-04-08T12:55:00Z
8
value 0.00199
scoring_system epss
scoring_elements 0.42014
published_at 2026-04-07T12:55:00Z
9
value 0.00199
scoring_system epss
scoring_elements 0.42077
published_at 2026-04-04T12:55:00Z
10
value 0.00199
scoring_system epss
scoring_elements 0.42049
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35654
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35654
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-vqcj-wrf2-7v73
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-vqcj-wrf2-7v73
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-70.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-70.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/eb8c1206d6b170d4e798a00db7432e023853da5c
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/eb8c1206d6b170d4e798a00db7432e023853da5c
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35654
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-35654
17
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1915424
reference_id 1915424
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1915424
19
reference_url https://security.archlinux.org/ASA-202101-11
reference_id ASA-202101-11
reference_type
scores
url https://security.archlinux.org/ASA-202101-11
20
reference_url https://security.archlinux.org/AVG-1438
reference_id AVG-1438
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1438
21
reference_url https://security.gentoo.org/glsa/202101-08
reference_id GLSA-202101-08
reference_type
scores
url https://security.gentoo.org/glsa/202101-08
22
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
23
reference_url https://usn.ubuntu.com/4697-1/
reference_id USN-4697-1
reference_type
scores
url https://usn.ubuntu.com/4697-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.0
purl pkg:pypi/pillow@8.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-9ckw-ra54-z3b7
8
vulnerability VCID-aubw-tsmn-ffcq
9
vulnerability VCID-brp2-dtrf-jyfr
10
vulnerability VCID-d7uf-zdbv-sba1
11
vulnerability VCID-df4x-jt3h-17hx
12
vulnerability VCID-dpc3-td9q-dyee
13
vulnerability VCID-en6t-uxtq-bfek
14
vulnerability VCID-g46h-p8jk-cuhc
15
vulnerability VCID-gvjw-funa-sqak
16
vulnerability VCID-khp6-9hfx-1kge
17
vulnerability VCID-n1hp-atex-ubh4
18
vulnerability VCID-n1w5-f5p7-xuhb
19
vulnerability VCID-p6r3-puh1-zyg6
20
vulnerability VCID-q4bb-qnxe-8bfa
21
vulnerability VCID-rncf-9nf8-wud3
22
vulnerability VCID-ue18-zzau-x7hy
23
vulnerability VCID-vdzj-kqfy-d3b7
24
vulnerability VCID-vwbu-ruxm-tbh4
25
vulnerability VCID-vxh1-8rvt-kkak
26
vulnerability VCID-vyzt-df2u-h3cc
27
vulnerability VCID-w9uy-fnpm-cbak
28
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.0
aliases BIT-pillow-2020-35654, CVE-2020-35654, GHSA-vqcj-wrf2-7v73, PYSEC-2021-70
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6gyu-fzpg-c3bn
9
url VCID-8n2b-wvya-53e1
vulnerability_id VCID-8n2b-wvya-53e1
summary In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10378.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10378.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10378
reference_id
reference_type
scores
0
value 0.00319
scoring_system epss
scoring_elements 0.54975
published_at 2026-04-21T12:55:00Z
1
value 0.00319
scoring_system epss
scoring_elements 0.54994
published_at 2026-04-16T12:55:00Z
2
value 0.00319
scoring_system epss
scoring_elements 0.54957
published_at 2026-04-13T12:55:00Z
3
value 0.00319
scoring_system epss
scoring_elements 0.5498
published_at 2026-04-12T12:55:00Z
4
value 0.00319
scoring_system epss
scoring_elements 0.54998
published_at 2026-04-18T12:55:00Z
5
value 0.00319
scoring_system epss
scoring_elements 0.54872
published_at 2026-04-01T12:55:00Z
6
value 0.00319
scoring_system epss
scoring_elements 0.54987
published_at 2026-04-08T12:55:00Z
7
value 0.00319
scoring_system epss
scoring_elements 0.54937
published_at 2026-04-07T12:55:00Z
8
value 0.00319
scoring_system epss
scoring_elements 0.54968
published_at 2026-04-04T12:55:00Z
9
value 0.00319
scoring_system epss
scoring_elements 0.54942
published_at 2026-04-02T12:55:00Z
10
value 0.00319
scoring_system epss
scoring_elements 0.54986
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10378
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10378
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10378
3
reference_url https://github.com/advisories/GHSA-3xv8-3j54-hgrp
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-3xv8-3j54-hgrp
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-77.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-77.yaml
5
reference_url https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-77.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-77.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/124f4bb591e16212605d0e41c413ed53e242cba2
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/124f4bb591e16212605d0e41c413ed53e242cba2
8
reference_url https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac
9
reference_url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
10
reference_url https://github.com/python-pillow/Pillow/issues/4750
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/issues/4750
11
reference_url https://github.com/python-pillow/Pillow/pull/4538
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/4538
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
16
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
17
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
18
reference_url https://usn.ubuntu.com/4430-1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4430-1
19
reference_url https://usn.ubuntu.com/4430-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-1/
20
reference_url https://usn.ubuntu.com/4430-2
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4430-2
21
reference_url https://usn.ubuntu.com/4430-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-2/
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1852832
reference_id 1852832
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1852832
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10378
reference_id CVE-2020-10378
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10378
24
reference_url https://access.redhat.com/errata/RHSA-2021:0420
reference_id RHSA-2021:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0420
fixed_packages
0
url pkg:pypi/pillow@7.1.0
purl pkg:pypi/pillow@7.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-6gyu-fzpg-c3bn
8
vulnerability VCID-7bjx-gkf7-cke9
9
vulnerability VCID-9ckw-ra54-z3b7
10
vulnerability VCID-aubw-tsmn-ffcq
11
vulnerability VCID-brp2-dtrf-jyfr
12
vulnerability VCID-d7uf-zdbv-sba1
13
vulnerability VCID-df4x-jt3h-17hx
14
vulnerability VCID-dpc3-td9q-dyee
15
vulnerability VCID-en6t-uxtq-bfek
16
vulnerability VCID-g46h-p8jk-cuhc
17
vulnerability VCID-gvjw-funa-sqak
18
vulnerability VCID-khp6-9hfx-1kge
19
vulnerability VCID-n1hp-atex-ubh4
20
vulnerability VCID-n1w5-f5p7-xuhb
21
vulnerability VCID-p6r3-puh1-zyg6
22
vulnerability VCID-q4bb-qnxe-8bfa
23
vulnerability VCID-rncf-9nf8-wud3
24
vulnerability VCID-ue18-zzau-x7hy
25
vulnerability VCID-vdzj-kqfy-d3b7
26
vulnerability VCID-vwbu-ruxm-tbh4
27
vulnerability VCID-vxh1-8rvt-kkak
28
vulnerability VCID-vyzt-df2u-h3cc
29
vulnerability VCID-w9uy-fnpm-cbak
30
vulnerability VCID-x15z-dejc-9ba6
31
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0
aliases BIT-pillow-2020-10378, CVE-2020-10378, GHSA-3xv8-3j54-hgrp, PYSEC-2020-77
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8n2b-wvya-53e1
10
url VCID-9ckw-ra54-z3b7
vulnerability_id VCID-9ckw-ra54-z3b7
summary 
Arbitrary Code Execution in Pillow
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50447.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50447.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-50447
reference_id
reference_type
scores
0
value 0.00713
scoring_system epss
scoring_elements 0.72354
published_at 2026-04-21T12:55:00Z
1
value 0.00754
scoring_system epss
scoring_elements 0.73261
published_at 2026-04-16T12:55:00Z
2
value 0.00754
scoring_system epss
scoring_elements 0.73218
published_at 2026-04-13T12:55:00Z
3
value 0.00754
scoring_system epss
scoring_elements 0.73225
published_at 2026-04-12T12:55:00Z
4
value 0.00754
scoring_system epss
scoring_elements 0.73244
published_at 2026-04-11T12:55:00Z
5
value 0.00754
scoring_system epss
scoring_elements 0.73219
published_at 2026-04-09T12:55:00Z
6
value 0.00754
scoring_system epss
scoring_elements 0.7327
published_at 2026-04-18T12:55:00Z
7
value 0.00775
scoring_system epss
scoring_elements 0.73555
published_at 2026-04-02T12:55:00Z
8
value 0.00775
scoring_system epss
scoring_elements 0.73586
published_at 2026-04-08T12:55:00Z
9
value 0.00775
scoring_system epss
scoring_elements 0.7355
published_at 2026-04-07T12:55:00Z
10
value 0.00775
scoring_system epss
scoring_elements 0.73578
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-50447
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219
5
reference_url https://devhub.checkmarx.com/cve-details/CVE-2023-50447
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://devhub.checkmarx.com/cve-details/CVE-2023-50447
6
reference_url https://duartecsantos.github.io/2023-01-02-CVE-2023-50447
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://duartecsantos.github.io/2023-01-02-CVE-2023-50447
7
reference_url https://duartecsantos.github.io/2024-01-02-CVE-2023-50447
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://duartecsantos.github.io/2024-01-02-CVE-2023-50447
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
10
reference_url https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a
11
reference_url https://github.com/python-pillow/Pillow/releases
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/
url https://github.com/python-pillow/Pillow/releases
12
reference_url https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/
url https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50447
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-50447
14
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#security
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#security
15
reference_url http://www.openwall.com/lists/oss-security/2024/01/20/1
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/
url http://www.openwall.com/lists/oss-security/2024/01/20/1
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061172
reference_id 1061172
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061172
17
reference_url https://duartecsantos.github.io/2024-01-02-CVE-2023-50447/
reference_id 2024-01-02-CVE-2023-50447
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/
url https://duartecsantos.github.io/2024-01-02-CVE-2023-50447/
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2259479
reference_id 2259479
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2259479
19
reference_url https://devhub.checkmarx.com/cve-details/CVE-2023-50447/
reference_id CVE-2023-50447
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-19T03:55:36Z/
url https://devhub.checkmarx.com/cve-details/CVE-2023-50447/
20
reference_url https://github.com/advisories/GHSA-3f63-hfp8-52jq
reference_id GHSA-3f63-hfp8-52jq
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3f63-hfp8-52jq
21
reference_url https://security.gentoo.org/glsa/202405-12
reference_id GLSA-202405-12
reference_type
scores
url https://security.gentoo.org/glsa/202405-12
22
reference_url https://access.redhat.com/errata/RHSA-2024:0754
reference_id RHSA-2024:0754
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0754
23
reference_url https://access.redhat.com/errata/RHSA-2024:0857
reference_id RHSA-2024:0857
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0857
24
reference_url https://access.redhat.com/errata/RHSA-2024:0893
reference_id RHSA-2024:0893
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0893
25
reference_url https://access.redhat.com/errata/RHSA-2024:1058
reference_id RHSA-2024:1058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1058
26
reference_url https://access.redhat.com/errata/RHSA-2024:1059
reference_id RHSA-2024:1059
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1059
27
reference_url https://access.redhat.com/errata/RHSA-2024:1060
reference_id RHSA-2024:1060
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1060
28
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
29
reference_url https://usn.ubuntu.com/6618-1/
reference_id USN-6618-1
reference_type
scores
url https://usn.ubuntu.com/6618-1/
30
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@10.2.0
purl pkg:pypi/pillow@10.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-64n5-pugj-vue8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.2.0
aliases CVE-2023-50447, GHSA-3f63-hfp8-52jq
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ckw-ra54-z3b7
11
url VCID-and9-6jty-pyeq
vulnerability_id VCID-and9-6jty-pyeq
summary In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10379.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10379.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10379
reference_id
reference_type
scores
0
value 0.0036
scoring_system epss
scoring_elements 0.58219
published_at 2026-04-21T12:55:00Z
1
value 0.0036
scoring_system epss
scoring_elements 0.58245
published_at 2026-04-18T12:55:00Z
2
value 0.0036
scoring_system epss
scoring_elements 0.58242
published_at 2026-04-16T12:55:00Z
3
value 0.0036
scoring_system epss
scoring_elements 0.58211
published_at 2026-04-13T12:55:00Z
4
value 0.0036
scoring_system epss
scoring_elements 0.5823
published_at 2026-04-12T12:55:00Z
5
value 0.0036
scoring_system epss
scoring_elements 0.58254
published_at 2026-04-11T12:55:00Z
6
value 0.0036
scoring_system epss
scoring_elements 0.58232
published_at 2026-04-08T12:55:00Z
7
value 0.0036
scoring_system epss
scoring_elements 0.58177
published_at 2026-04-07T12:55:00Z
8
value 0.0036
scoring_system epss
scoring_elements 0.58205
published_at 2026-04-04T12:55:00Z
9
value 0.0036
scoring_system epss
scoring_elements 0.58185
published_at 2026-04-02T12:55:00Z
10
value 0.0036
scoring_system epss
scoring_elements 0.58099
published_at 2026-04-01T12:55:00Z
11
value 0.0036
scoring_system epss
scoring_elements 0.58236
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10379
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10379
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10379
3
reference_url https://github.com/advisories/GHSA-8843-m7mw-mxqm
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8843-m7mw-mxqm
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-78.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-78.yaml
5
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
6
reference_url https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac
7
reference_url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
8
reference_url https://github.com/python-pillow/Pillow/issues/4750
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/issues/4750
9
reference_url https://github.com/python-pillow/Pillow/pull/4538
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/4538
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10379
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10379
15
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
16
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
17
reference_url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574577
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574577
18
reference_url https://usn.ubuntu.com/4430-2
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4430-2
19
reference_url https://usn.ubuntu.com/4430-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-2/
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1852836
reference_id 1852836
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1852836
21
reference_url https://access.redhat.com/errata/RHSA-2021:0420
reference_id RHSA-2021:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0420
fixed_packages
0
url pkg:pypi/pillow@7.1.0
purl pkg:pypi/pillow@7.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-6gyu-fzpg-c3bn
8
vulnerability VCID-7bjx-gkf7-cke9
9
vulnerability VCID-9ckw-ra54-z3b7
10
vulnerability VCID-aubw-tsmn-ffcq
11
vulnerability VCID-brp2-dtrf-jyfr
12
vulnerability VCID-d7uf-zdbv-sba1
13
vulnerability VCID-df4x-jt3h-17hx
14
vulnerability VCID-dpc3-td9q-dyee
15
vulnerability VCID-en6t-uxtq-bfek
16
vulnerability VCID-g46h-p8jk-cuhc
17
vulnerability VCID-gvjw-funa-sqak
18
vulnerability VCID-khp6-9hfx-1kge
19
vulnerability VCID-n1hp-atex-ubh4
20
vulnerability VCID-n1w5-f5p7-xuhb
21
vulnerability VCID-p6r3-puh1-zyg6
22
vulnerability VCID-q4bb-qnxe-8bfa
23
vulnerability VCID-rncf-9nf8-wud3
24
vulnerability VCID-ue18-zzau-x7hy
25
vulnerability VCID-vdzj-kqfy-d3b7
26
vulnerability VCID-vwbu-ruxm-tbh4
27
vulnerability VCID-vxh1-8rvt-kkak
28
vulnerability VCID-vyzt-df2u-h3cc
29
vulnerability VCID-w9uy-fnpm-cbak
30
vulnerability VCID-x15z-dejc-9ba6
31
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0
aliases BIT-pillow-2020-10379, CVE-2020-10379, GHSA-8843-m7mw-mxqm, PYSEC-2020-78
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-and9-6jty-pyeq
12
url VCID-aubw-tsmn-ffcq
vulnerability_id VCID-aubw-tsmn-ffcq
summary An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28677.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28677.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28677
reference_id
reference_type
scores
0
value 0.00263
scoring_system epss
scoring_elements 0.49763
published_at 2026-04-18T12:55:00Z
1
value 0.00263
scoring_system epss
scoring_elements 0.49716
published_at 2026-04-13T12:55:00Z
2
value 0.00263
scoring_system epss
scoring_elements 0.49715
published_at 2026-04-12T12:55:00Z
3
value 0.00263
scoring_system epss
scoring_elements 0.49743
published_at 2026-04-11T12:55:00Z
4
value 0.00263
scoring_system epss
scoring_elements 0.49731
published_at 2026-04-08T12:55:00Z
5
value 0.00263
scoring_system epss
scoring_elements 0.49676
published_at 2026-04-07T12:55:00Z
6
value 0.00263
scoring_system epss
scoring_elements 0.49726
published_at 2026-04-09T12:55:00Z
7
value 0.00263
scoring_system epss
scoring_elements 0.49698
published_at 2026-04-02T12:55:00Z
8
value 0.00263
scoring_system epss
scoring_elements 0.49667
published_at 2026-04-01T12:55:00Z
9
value 0.00271
scoring_system epss
scoring_elements 0.5057
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28677
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28677
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28677
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-q5hq-fp76-qmrc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-q5hq-fp76-qmrc
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-93.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-93.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92
8
reference_url https://github.com/python-pillow/Pillow/pull/5377
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5377
9
reference_url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28677
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28677
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open
14
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1958257
reference_id 1958257
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1958257
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
reference_id 989062
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
17
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
18
reference_url https://usn.ubuntu.com/4963-1/
reference_id USN-4963-1
reference_type
scores
url https://usn.ubuntu.com/4963-1/
19
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-5rv4-k1q9-zue2
3
vulnerability VCID-64n5-pugj-vue8
4
vulnerability VCID-9ckw-ra54-z3b7
5
vulnerability VCID-brp2-dtrf-jyfr
6
vulnerability VCID-d7uf-zdbv-sba1
7
vulnerability VCID-df4x-jt3h-17hx
8
vulnerability VCID-dpc3-td9q-dyee
9
vulnerability VCID-g46h-p8jk-cuhc
10
vulnerability VCID-n1hp-atex-ubh4
11
vulnerability VCID-q4bb-qnxe-8bfa
12
vulnerability VCID-vdzj-kqfy-d3b7
13
vulnerability VCID-w9uy-fnpm-cbak
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases BIT-pillow-2021-28677, CVE-2021-28677, GHSA-q5hq-fp76-qmrc, PYSEC-2021-93
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aubw-tsmn-ffcq
13
url VCID-avx2-mahw-mqes
vulnerability_id VCID-avx2-mahw-mqes
summary Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4009.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4009.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4009
reference_id
reference_type
scores
0
value 0.05263
scoring_system epss
scoring_elements 0.89986
published_at 2026-04-08T12:55:00Z
1
value 0.05263
scoring_system epss
scoring_elements 0.89948
published_at 2026-04-01T12:55:00Z
2
value 0.05263
scoring_system epss
scoring_elements 0.90003
published_at 2026-04-21T12:55:00Z
3
value 0.05263
scoring_system epss
scoring_elements 0.90006
published_at 2026-04-18T12:55:00Z
4
value 0.05263
scoring_system epss
scoring_elements 0.90005
published_at 2026-04-16T12:55:00Z
5
value 0.05263
scoring_system epss
scoring_elements 0.8999
published_at 2026-04-13T12:55:00Z
6
value 0.05263
scoring_system epss
scoring_elements 0.89997
published_at 2026-04-12T12:55:00Z
7
value 0.05263
scoring_system epss
scoring_elements 0.89998
published_at 2026-04-11T12:55:00Z
8
value 0.05263
scoring_system epss
scoring_elements 0.8997
published_at 2026-04-07T12:55:00Z
9
value 0.05263
scoring_system epss
scoring_elements 0.89991
published_at 2026-04-09T12:55:00Z
10
value 0.05263
scoring_system epss
scoring_elements 0.8995
published_at 2026-04-02T12:55:00Z
11
value 0.05263
scoring_system epss
scoring_elements 0.89963
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4009
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4009
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4009
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-hvr8-466p-75rh
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hvr8-466p-75rh
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-7.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-7.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
8
reference_url https://github.com/python-pillow/Pillow/commit/4e0d9b0b9740d258ade40cce248c93777362ac1e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/4e0d9b0b9740d258ade40cce248c93777362ac1e
9
reference_url https://github.com/python-pillow/Pillow/pull/1714
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/1714
10
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-52
11
reference_url http://www.securityfocus.com/bid/86064
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/86064
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1327134
reference_id 1327134
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1327134
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4009
reference_id CVE-2016-4009
reference_type
scores
0
value 10.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:C/I:C/A:C
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4009
fixed_packages
0
url pkg:pypi/pillow@3.1.1
purl pkg:pypi/pillow@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-6gyu-fzpg-c3bn
8
vulnerability VCID-8n2b-wvya-53e1
9
vulnerability VCID-9ckw-ra54-z3b7
10
vulnerability VCID-and9-6jty-pyeq
11
vulnerability VCID-aubw-tsmn-ffcq
12
vulnerability VCID-b3au-rcgp-2fag
13
vulnerability VCID-b5a2-83ej-puaw
14
vulnerability VCID-brp2-dtrf-jyfr
15
vulnerability VCID-cas2-jb3y-vyhz
16
vulnerability VCID-d7uf-zdbv-sba1
17
vulnerability VCID-df4x-jt3h-17hx
18
vulnerability VCID-dpc3-td9q-dyee
19
vulnerability VCID-e3gp-zc2b-budg
20
vulnerability VCID-en6t-uxtq-bfek
21
vulnerability VCID-g46h-p8jk-cuhc
22
vulnerability VCID-gvjw-funa-sqak
23
vulnerability VCID-h4x7-7fke-mqgp
24
vulnerability VCID-haum-8zpg-6kgf
25
vulnerability VCID-hmmq-5772-bycm
26
vulnerability VCID-khp6-9hfx-1kge
27
vulnerability VCID-m3tm-h4q9-9yay
28
vulnerability VCID-n1hp-atex-ubh4
29
vulnerability VCID-n1w5-f5p7-xuhb
30
vulnerability VCID-p6r3-puh1-zyg6
31
vulnerability VCID-q4bb-qnxe-8bfa
32
vulnerability VCID-rncf-9nf8-wud3
33
vulnerability VCID-sns1-ksqr-vbhr
34
vulnerability VCID-stft-hsk9-zfdy
35
vulnerability VCID-u1en-t8ux-uube
36
vulnerability VCID-ue18-zzau-x7hy
37
vulnerability VCID-uf5t-asns-tudp
38
vulnerability VCID-vdzj-kqfy-d3b7
39
vulnerability VCID-vwbu-ruxm-tbh4
40
vulnerability VCID-vxh1-8rvt-kkak
41
vulnerability VCID-vyzt-df2u-h3cc
42
vulnerability VCID-w9uy-fnpm-cbak
43
vulnerability VCID-x15z-dejc-9ba6
44
vulnerability VCID-xesd-d294-7fcx
45
vulnerability VCID-xk66-1d31-2qbk
46
vulnerability VCID-yccg-zw89-vqff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.1.1
aliases CVE-2016-4009, GHSA-hvr8-466p-75rh, PYSEC-2016-7
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-avx2-mahw-mqes
14
url VCID-b3au-rcgp-2fag
vulnerability_id VCID-b3au-rcgp-2fag
summary There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19911.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19911.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19911
reference_id
reference_type
scores
0
value 0.00965
scoring_system epss
scoring_elements 0.76597
published_at 2026-04-21T12:55:00Z
1
value 0.00965
scoring_system epss
scoring_elements 0.76609
published_at 2026-04-18T12:55:00Z
2
value 0.00965
scoring_system epss
scoring_elements 0.76506
published_at 2026-04-01T12:55:00Z
3
value 0.00965
scoring_system epss
scoring_elements 0.76606
published_at 2026-04-16T12:55:00Z
4
value 0.00965
scoring_system epss
scoring_elements 0.76564
published_at 2026-04-13T12:55:00Z
5
value 0.00965
scoring_system epss
scoring_elements 0.76592
published_at 2026-04-11T12:55:00Z
6
value 0.00965
scoring_system epss
scoring_elements 0.76571
published_at 2026-04-12T12:55:00Z
7
value 0.00965
scoring_system epss
scoring_elements 0.76511
published_at 2026-04-02T12:55:00Z
8
value 0.00965
scoring_system epss
scoring_elements 0.7654
published_at 2026-04-04T12:55:00Z
9
value 0.00965
scoring_system epss
scoring_elements 0.76522
published_at 2026-04-07T12:55:00Z
10
value 0.00965
scoring_system epss
scoring_elements 0.76554
published_at 2026-04-08T12:55:00Z
11
value 0.00965
scoring_system epss
scoring_elements 0.76565
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19911
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19911
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5312
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5312
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5313
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5313
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-5gm3-px64-rw72
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-5gm3-px64-rw72
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-172.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-172.yaml
8
reference_url https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst#622-2020-01-02
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst#622-2020-01-02
9
reference_url https://github.com/python-pillow/Pillow/commit/774e53bb132461d8d5ebefec1162e29ec0ebc63d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/774e53bb132461d8d5ebefec1162e29ec0ebc63d
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19911
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19911
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
14
reference_url https://usn.ubuntu.com/4272-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4272-1
15
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
16
reference_url https://www.debian.org/security/2020/dsa-4631
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4631
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1789540
reference_id 1789540
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1789540
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948224
reference_id 948224
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948224
19
reference_url https://access.redhat.com/errata/RHSA-2021:0420
reference_id RHSA-2021:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0420
fixed_packages
0
url pkg:pypi/pillow@6.2.2
purl pkg:pypi/pillow@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-6gyu-fzpg-c3bn
8
vulnerability VCID-7bjx-gkf7-cke9
9
vulnerability VCID-8n2b-wvya-53e1
10
vulnerability VCID-9ckw-ra54-z3b7
11
vulnerability VCID-and9-6jty-pyeq
12
vulnerability VCID-aubw-tsmn-ffcq
13
vulnerability VCID-b5a2-83ej-puaw
14
vulnerability VCID-brp2-dtrf-jyfr
15
vulnerability VCID-d7uf-zdbv-sba1
16
vulnerability VCID-df4x-jt3h-17hx
17
vulnerability VCID-dpc3-td9q-dyee
18
vulnerability VCID-en6t-uxtq-bfek
19
vulnerability VCID-g46h-p8jk-cuhc
20
vulnerability VCID-gvjw-funa-sqak
21
vulnerability VCID-haum-8zpg-6kgf
22
vulnerability VCID-khp6-9hfx-1kge
23
vulnerability VCID-n1hp-atex-ubh4
24
vulnerability VCID-n1w5-f5p7-xuhb
25
vulnerability VCID-p6r3-puh1-zyg6
26
vulnerability VCID-q4bb-qnxe-8bfa
27
vulnerability VCID-rncf-9nf8-wud3
28
vulnerability VCID-ue18-zzau-x7hy
29
vulnerability VCID-uf5t-asns-tudp
30
vulnerability VCID-vdzj-kqfy-d3b7
31
vulnerability VCID-vwbu-ruxm-tbh4
32
vulnerability VCID-vxh1-8rvt-kkak
33
vulnerability VCID-vyzt-df2u-h3cc
34
vulnerability VCID-w9uy-fnpm-cbak
35
vulnerability VCID-x15z-dejc-9ba6
36
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2
aliases CVE-2019-19911, GHSA-5gm3-px64-rw72, PYSEC-2020-172
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b3au-rcgp-2fag
15
url VCID-b5a2-83ej-puaw
vulnerability_id VCID-b5a2-83ej-puaw
summary In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11538.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11538.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-11538
reference_id
reference_type
scores
0
value 0.00267
scoring_system epss
scoring_elements 0.50181
published_at 2026-04-21T12:55:00Z
1
value 0.00267
scoring_system epss
scoring_elements 0.50206
published_at 2026-04-18T12:55:00Z
2
value 0.00267
scoring_system epss
scoring_elements 0.50205
published_at 2026-04-16T12:55:00Z
3
value 0.00267
scoring_system epss
scoring_elements 0.5016
published_at 2026-04-13T12:55:00Z
4
value 0.00267
scoring_system epss
scoring_elements 0.50161
published_at 2026-04-12T12:55:00Z
5
value 0.00267
scoring_system epss
scoring_elements 0.50187
published_at 2026-04-11T12:55:00Z
6
value 0.00267
scoring_system epss
scoring_elements 0.5017
published_at 2026-04-09T12:55:00Z
7
value 0.00267
scoring_system epss
scoring_elements 0.50177
published_at 2026-04-08T12:55:00Z
8
value 0.00267
scoring_system epss
scoring_elements 0.50123
published_at 2026-04-07T12:55:00Z
9
value 0.00267
scoring_system epss
scoring_elements 0.50145
published_at 2026-04-02T12:55:00Z
10
value 0.00267
scoring_system epss
scoring_elements 0.50173
published_at 2026-04-04T12:55:00Z
11
value 0.00267
scoring_system epss
scoring_elements 0.50111
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-11538
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11538
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11538
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-43fq-w8qq-v88h
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-43fq-w8qq-v88h
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-80.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-80.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security
8
reference_url https://github.com/python-pillow/Pillow/commit/2ef59fdbaeb756bc512ab3f2ad15ac45665b303d
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/2ef59fdbaeb756bc512ab3f2ad15ac45665b303d
9
reference_url https://github.com/python-pillow/Pillow/pull/4504
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/4504
10
reference_url https://github.com/python-pillow/Pillow/pull/4538
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/4538
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-11538
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-11538
16
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
17
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
18
reference_url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574574
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574574
19
reference_url https://usn.ubuntu.com/4430-1
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4430-1
20
reference_url https://usn.ubuntu.com/4430-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-1/
21
reference_url https://usn.ubuntu.com/4430-2
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4430-2
22
reference_url https://usn.ubuntu.com/4430-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-2/
23
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1852814
reference_id 1852814
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1852814
24
reference_url https://access.redhat.com/errata/RHSA-2020:3185
reference_id RHSA-2020:3185
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3185
25
reference_url https://access.redhat.com/errata/RHSA-2020:3299
reference_id RHSA-2020:3299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3299
26
reference_url https://access.redhat.com/errata/RHSA-2020:3302
reference_id RHSA-2020:3302
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3302
27
reference_url https://access.redhat.com/errata/RHSA-2021:0420
reference_id RHSA-2021:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0420
fixed_packages
0
url pkg:pypi/pillow@7.1.0
purl pkg:pypi/pillow@7.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-6gyu-fzpg-c3bn
8
vulnerability VCID-7bjx-gkf7-cke9
9
vulnerability VCID-9ckw-ra54-z3b7
10
vulnerability VCID-aubw-tsmn-ffcq
11
vulnerability VCID-brp2-dtrf-jyfr
12
vulnerability VCID-d7uf-zdbv-sba1
13
vulnerability VCID-df4x-jt3h-17hx
14
vulnerability VCID-dpc3-td9q-dyee
15
vulnerability VCID-en6t-uxtq-bfek
16
vulnerability VCID-g46h-p8jk-cuhc
17
vulnerability VCID-gvjw-funa-sqak
18
vulnerability VCID-khp6-9hfx-1kge
19
vulnerability VCID-n1hp-atex-ubh4
20
vulnerability VCID-n1w5-f5p7-xuhb
21
vulnerability VCID-p6r3-puh1-zyg6
22
vulnerability VCID-q4bb-qnxe-8bfa
23
vulnerability VCID-rncf-9nf8-wud3
24
vulnerability VCID-ue18-zzau-x7hy
25
vulnerability VCID-vdzj-kqfy-d3b7
26
vulnerability VCID-vwbu-ruxm-tbh4
27
vulnerability VCID-vxh1-8rvt-kkak
28
vulnerability VCID-vyzt-df2u-h3cc
29
vulnerability VCID-w9uy-fnpm-cbak
30
vulnerability VCID-x15z-dejc-9ba6
31
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0
aliases BIT-pillow-2020-11538, CVE-2020-11538, GHSA-43fq-w8qq-v88h, PYSEC-2020-80
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b5a2-83ej-puaw
16
url VCID-brp2-dtrf-jyfr
vulnerability_id VCID-brp2-dtrf-jyfr
summary Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24303.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24303.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24303
reference_id
reference_type
scores
0
value 0.01428
scoring_system epss
scoring_elements 0.8067
published_at 2026-04-21T12:55:00Z
1
value 0.01428
scoring_system epss
scoring_elements 0.80668
published_at 2026-04-18T12:55:00Z
2
value 0.01428
scoring_system epss
scoring_elements 0.80666
published_at 2026-04-16T12:55:00Z
3
value 0.01428
scoring_system epss
scoring_elements 0.80637
published_at 2026-04-13T12:55:00Z
4
value 0.01428
scoring_system epss
scoring_elements 0.80645
published_at 2026-04-12T12:55:00Z
5
value 0.01428
scoring_system epss
scoring_elements 0.80658
published_at 2026-04-11T12:55:00Z
6
value 0.01428
scoring_system epss
scoring_elements 0.80642
published_at 2026-04-09T12:55:00Z
7
value 0.01428
scoring_system epss
scoring_elements 0.80632
published_at 2026-04-08T12:55:00Z
8
value 0.01428
scoring_system epss
scoring_elements 0.80605
published_at 2026-04-07T12:55:00Z
9
value 0.01428
scoring_system epss
scoring_elements 0.80612
published_at 2026-04-04T12:55:00Z
10
value 0.01428
scoring_system epss
scoring_elements 0.8059
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24303
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24303
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-9j59-75qj-795w
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-9j59-75qj-795w
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-168.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-168.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1172
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1172
8
reference_url https://github.com/python-pillow/Pillow/commit/10c4f75aaa383bd9671e923e3b91d391ea12d781
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/10c4f75aaa383bd9671e923e3b91d391ea12d781
9
reference_url https://github.com/python-pillow/Pillow/commit/143032103c9f2d55a0a7960bd3e630cb72549e8a
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/143032103c9f2d55a0a7960bd3e630cb72549e8a
10
reference_url https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26
11
reference_url https://github.com/python-pillow/Pillow/pull/3450
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/3450
12
reference_url https://github.com/python-pillow/Pillow/pull/6010
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/6010
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP
15
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
16
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202211-10
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2052682
reference_id 2052682
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2052682
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24303
reference_id CVE-2022-24303
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24303
19
reference_url https://usn.ubuntu.com/5777-1/
reference_id USN-5777-1
reference_type
scores
url https://usn.ubuntu.com/5777-1/
20
reference_url https://usn.ubuntu.com/USN-5777-2/
reference_id USN-USN-5777-2
reference_type
scores
url https://usn.ubuntu.com/USN-5777-2/
fixed_packages
0
url pkg:pypi/pillow@9.0.1
purl pkg:pypi/pillow@9.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-5rv4-k1q9-zue2
2
vulnerability VCID-64n5-pugj-vue8
3
vulnerability VCID-9ckw-ra54-z3b7
4
vulnerability VCID-d7uf-zdbv-sba1
5
vulnerability VCID-n1hp-atex-ubh4
6
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.1
aliases BIT-pillow-2022-24303, CVE-2022-24303, GHSA-9j59-75qj-795w, GMS-2022-348, PYSEC-2022-168
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-brp2-dtrf-jyfr
17
url VCID-cas2-jb3y-vyhz
vulnerability_id VCID-cas2-jb3y-vyhz
summary An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0566
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0566
1
reference_url https://access.redhat.com/errata/RHSA-2020:0578
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0578
2
reference_url https://access.redhat.com/errata/RHSA-2020:0580
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0580
3
reference_url https://access.redhat.com/errata/RHSA-2020:0681
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0681
4
reference_url https://access.redhat.com/errata/RHSA-2020:0683
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0683
5
reference_url https://access.redhat.com/errata/RHSA-2020:0694
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0694
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16865.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16865.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16865
reference_id
reference_type
scores
0
value 0.03942
scoring_system epss
scoring_elements 0.88313
published_at 2026-04-04T12:55:00Z
1
value 0.03942
scoring_system epss
scoring_elements 0.88317
published_at 2026-04-07T12:55:00Z
2
value 0.03942
scoring_system epss
scoring_elements 0.88336
published_at 2026-04-08T12:55:00Z
3
value 0.03942
scoring_system epss
scoring_elements 0.88353
published_at 2026-04-11T12:55:00Z
4
value 0.03942
scoring_system epss
scoring_elements 0.88345
published_at 2026-04-13T12:55:00Z
5
value 0.03942
scoring_system epss
scoring_elements 0.88358
published_at 2026-04-16T12:55:00Z
6
value 0.03942
scoring_system epss
scoring_elements 0.88355
published_at 2026-04-18T12:55:00Z
7
value 0.03942
scoring_system epss
scoring_elements 0.88354
published_at 2026-04-21T12:55:00Z
8
value 0.03942
scoring_system epss
scoring_elements 0.88343
published_at 2026-04-09T12:55:00Z
9
value 0.03942
scoring_system epss
scoring_elements 0.8829
published_at 2026-04-01T12:55:00Z
10
value 0.03942
scoring_system epss
scoring_elements 0.88298
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16865
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16865
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16865
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://github.com/advisories/GHSA-j7mj-748x-7p78
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-j7mj-748x-7p78
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2019-110.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2019-110.yaml
12
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
13
reference_url https://github.com/python-pillow/Pillow/commit/ab52630d0644e42a75eb88b78b9a9d7438a6fbeb
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/ab52630d0644e42a75eb88b78b9a9d7438a6fbeb
14
reference_url https://github.com/python-pillow/Pillow/issues/4123
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/issues/4123
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16865
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16865
22
reference_url https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html
23
reference_url https://ubuntu.com/security/notices/USN-4272-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://ubuntu.com/security/notices/USN-4272-1
24
reference_url https://usn.ubuntu.com/4272-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4272-1
25
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
26
reference_url https://www.debian.org/security/2020/dsa-4631
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4631
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1774066
reference_id 1774066
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1774066
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
fixed_packages
0
url pkg:pypi/pillow@6.2.0
purl pkg:pypi/pillow@6.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-6gyu-fzpg-c3bn
8
vulnerability VCID-7bjx-gkf7-cke9
9
vulnerability VCID-8n2b-wvya-53e1
10
vulnerability VCID-9ckw-ra54-z3b7
11
vulnerability VCID-and9-6jty-pyeq
12
vulnerability VCID-aubw-tsmn-ffcq
13
vulnerability VCID-b3au-rcgp-2fag
14
vulnerability VCID-b5a2-83ej-puaw
15
vulnerability VCID-brp2-dtrf-jyfr
16
vulnerability VCID-d7uf-zdbv-sba1
17
vulnerability VCID-df4x-jt3h-17hx
18
vulnerability VCID-dpc3-td9q-dyee
19
vulnerability VCID-en6t-uxtq-bfek
20
vulnerability VCID-g46h-p8jk-cuhc
21
vulnerability VCID-gvjw-funa-sqak
22
vulnerability VCID-h4x7-7fke-mqgp
23
vulnerability VCID-haum-8zpg-6kgf
24
vulnerability VCID-hmmq-5772-bycm
25
vulnerability VCID-khp6-9hfx-1kge
26
vulnerability VCID-m3tm-h4q9-9yay
27
vulnerability VCID-n1hp-atex-ubh4
28
vulnerability VCID-n1w5-f5p7-xuhb
29
vulnerability VCID-p6r3-puh1-zyg6
30
vulnerability VCID-q4bb-qnxe-8bfa
31
vulnerability VCID-rncf-9nf8-wud3
32
vulnerability VCID-sns1-ksqr-vbhr
33
vulnerability VCID-stft-hsk9-zfdy
34
vulnerability VCID-ue18-zzau-x7hy
35
vulnerability VCID-uf5t-asns-tudp
36
vulnerability VCID-vdzj-kqfy-d3b7
37
vulnerability VCID-vwbu-ruxm-tbh4
38
vulnerability VCID-vxh1-8rvt-kkak
39
vulnerability VCID-vyzt-df2u-h3cc
40
vulnerability VCID-w9uy-fnpm-cbak
41
vulnerability VCID-x15z-dejc-9ba6
42
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.0
aliases CVE-2019-16865, GHSA-j7mj-748x-7p78, PYSEC-2019-110
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cas2-jb3y-vyhz
18
url VCID-d7uf-zdbv-sba1
vulnerability_id VCID-d7uf-zdbv-sba1
summary 
Duplicate
This advisory duplicates another.
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-175.yaml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-175.yaml
1
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
2
reference_url https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5129
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5129
5
reference_url https://github.com/advisories/GHSA-56pw-mpj4-fxww
reference_id GHSA-56pw-mpj4-fxww
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-56pw-mpj4-fxww
fixed_packages
0
url pkg:pypi/pillow@10.0.1
purl pkg:pypi/pillow@10.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-64n5-pugj-vue8
1
vulnerability VCID-9ckw-ra54-z3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.1
aliases GHSA-56pw-mpj4-fxww, GMS-2023-3137
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d7uf-zdbv-sba1
19
url VCID-df4x-jt3h-17hx
vulnerability_id VCID-df4x-jt3h-17hx
summary path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22816.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22816.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22816
reference_id
reference_type
scores
0
value 0.00137
scoring_system epss
scoring_elements 0.3348
published_at 2026-04-21T12:55:00Z
1
value 0.00137
scoring_system epss
scoring_elements 0.33514
published_at 2026-04-18T12:55:00Z
2
value 0.00137
scoring_system epss
scoring_elements 0.33537
published_at 2026-04-16T12:55:00Z
3
value 0.00137
scoring_system epss
scoring_elements 0.33656
published_at 2026-04-04T12:55:00Z
4
value 0.00137
scoring_system epss
scoring_elements 0.33623
published_at 2026-04-02T12:55:00Z
5
value 0.00137
scoring_system epss
scoring_elements 0.33501
published_at 2026-04-13T12:55:00Z
6
value 0.00137
scoring_system epss
scoring_elements 0.33525
published_at 2026-04-12T12:55:00Z
7
value 0.00137
scoring_system epss
scoring_elements 0.33567
published_at 2026-04-11T12:55:00Z
8
value 0.00137
scoring_system epss
scoring_elements 0.33573
published_at 2026-04-09T12:55:00Z
9
value 0.00137
scoring_system epss
scoring_elements 0.33539
published_at 2026-04-08T12:55:00Z
10
value 0.00137
scoring_system epss
scoring_elements 0.33495
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22816
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-xrcv-f9gm-v42c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-xrcv-f9gm-v42c
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-9.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-9.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
10
reference_url https://github.com/python-pillow/Pillow/commit/5543e4e2d409cd9e409bc64cdc77be0af007a31f
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/5543e4e2d409cd9e409bc64cdc77be0af007a31f
11
reference_url https://github.com/python-pillow/Pillow/pull/5920
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5920
12
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
14
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202211-10
15
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5053
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2042522
reference_id 2042522
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2042522
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22816
reference_id CVE-2022-22816
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22816
18
reference_url https://access.redhat.com/errata/RHSA-2022:0609
reference_id RHSA-2022:0609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0609
19
reference_url https://access.redhat.com/errata/RHSA-2022:0643
reference_id RHSA-2022:0643
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0643
20
reference_url https://access.redhat.com/errata/RHSA-2022:0665
reference_id RHSA-2022:0665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0665
21
reference_url https://access.redhat.com/errata/RHSA-2022:0667
reference_id RHSA-2022:0667
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0667
22
reference_url https://access.redhat.com/errata/RHSA-2022:0669
reference_id RHSA-2022:0669
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0669
23
reference_url https://usn.ubuntu.com/5227-1/
reference_id USN-5227-1
reference_type
scores
url https://usn.ubuntu.com/5227-1/
24
reference_url https://usn.ubuntu.com/5227-2/
reference_id USN-5227-2
reference_type
scores
url https://usn.ubuntu.com/5227-2/
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-5rv4-k1q9-zue2
2
vulnerability VCID-64n5-pugj-vue8
3
vulnerability VCID-9ckw-ra54-z3b7
4
vulnerability VCID-brp2-dtrf-jyfr
5
vulnerability VCID-d7uf-zdbv-sba1
6
vulnerability VCID-n1hp-atex-ubh4
7
vulnerability VCID-q4bb-qnxe-8bfa
8
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
aliases BIT-pillow-2022-22816, CVE-2022-22816, GHSA-xrcv-f9gm-v42c, PYSEC-2022-9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-df4x-jt3h-17hx
20
url VCID-dgds-v95g-pbcv
vulnerability_id VCID-dgds-v95g-pbcv
summary Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0740.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0740.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-0740
reference_id
reference_type
scores
0
value 0.00146
scoring_system epss
scoring_elements 0.3496
published_at 2026-04-21T12:55:00Z
1
value 0.00146
scoring_system epss
scoring_elements 0.3502
published_at 2026-04-16T12:55:00Z
2
value 0.00146
scoring_system epss
scoring_elements 0.35005
published_at 2026-04-18T12:55:00Z
3
value 0.00148
scoring_system epss
scoring_elements 0.35245
published_at 2026-04-12T12:55:00Z
4
value 0.00148
scoring_system epss
scoring_elements 0.35221
published_at 2026-04-13T12:55:00Z
5
value 0.00148
scoring_system epss
scoring_elements 0.35096
published_at 2026-04-01T12:55:00Z
6
value 0.00148
scoring_system epss
scoring_elements 0.35296
published_at 2026-04-02T12:55:00Z
7
value 0.00148
scoring_system epss
scoring_elements 0.35325
published_at 2026-04-04T12:55:00Z
8
value 0.00148
scoring_system epss
scoring_elements 0.35207
published_at 2026-04-07T12:55:00Z
9
value 0.00148
scoring_system epss
scoring_elements 0.35252
published_at 2026-04-08T12:55:00Z
10
value 0.00148
scoring_system epss
scoring_elements 0.35277
published_at 2026-04-09T12:55:00Z
11
value 0.00148
scoring_system epss
scoring_elements 0.3528
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-0740
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0740
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0740
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0775
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0775
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2533
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2533
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-hggx-3h72-49ww
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hggx-3h72-49ww
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-5.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-5.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
10
reference_url https://github.com/python-pillow/Pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e
11
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-52
12
reference_url http://www.debian.org/security/2016/dsa-3499
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3499
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1298874
reference_id 1298874
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1298874
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813905
reference_id 813905
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813905
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-0740
reference_id CVE-2016-0740
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-0740
19
reference_url https://usn.ubuntu.com/3090-1/
reference_id USN-3090-1
reference_type
scores
url https://usn.ubuntu.com/3090-1/
fixed_packages
0
url pkg:pypi/pillow@3.1.1
purl pkg:pypi/pillow@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-6gyu-fzpg-c3bn
8
vulnerability VCID-8n2b-wvya-53e1
9
vulnerability VCID-9ckw-ra54-z3b7
10
vulnerability VCID-and9-6jty-pyeq
11
vulnerability VCID-aubw-tsmn-ffcq
12
vulnerability VCID-b3au-rcgp-2fag
13
vulnerability VCID-b5a2-83ej-puaw
14
vulnerability VCID-brp2-dtrf-jyfr
15
vulnerability VCID-cas2-jb3y-vyhz
16
vulnerability VCID-d7uf-zdbv-sba1
17
vulnerability VCID-df4x-jt3h-17hx
18
vulnerability VCID-dpc3-td9q-dyee
19
vulnerability VCID-e3gp-zc2b-budg
20
vulnerability VCID-en6t-uxtq-bfek
21
vulnerability VCID-g46h-p8jk-cuhc
22
vulnerability VCID-gvjw-funa-sqak
23
vulnerability VCID-h4x7-7fke-mqgp
24
vulnerability VCID-haum-8zpg-6kgf
25
vulnerability VCID-hmmq-5772-bycm
26
vulnerability VCID-khp6-9hfx-1kge
27
vulnerability VCID-m3tm-h4q9-9yay
28
vulnerability VCID-n1hp-atex-ubh4
29
vulnerability VCID-n1w5-f5p7-xuhb
30
vulnerability VCID-p6r3-puh1-zyg6
31
vulnerability VCID-q4bb-qnxe-8bfa
32
vulnerability VCID-rncf-9nf8-wud3
33
vulnerability VCID-sns1-ksqr-vbhr
34
vulnerability VCID-stft-hsk9-zfdy
35
vulnerability VCID-u1en-t8ux-uube
36
vulnerability VCID-ue18-zzau-x7hy
37
vulnerability VCID-uf5t-asns-tudp
38
vulnerability VCID-vdzj-kqfy-d3b7
39
vulnerability VCID-vwbu-ruxm-tbh4
40
vulnerability VCID-vxh1-8rvt-kkak
41
vulnerability VCID-vyzt-df2u-h3cc
42
vulnerability VCID-w9uy-fnpm-cbak
43
vulnerability VCID-x15z-dejc-9ba6
44
vulnerability VCID-xesd-d294-7fcx
45
vulnerability VCID-xk66-1d31-2qbk
46
vulnerability VCID-yccg-zw89-vqff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.1.1
aliases CVE-2016-0740, GHSA-hggx-3h72-49ww, PYSEC-2016-5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dgds-v95g-pbcv
21
url VCID-dpc3-td9q-dyee
vulnerability_id VCID-dpc3-td9q-dyee
summary path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22815.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22815.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22815
reference_id
reference_type
scores
0
value 0.00095
scoring_system epss
scoring_elements 0.26277
published_at 2026-04-21T12:55:00Z
1
value 0.00095
scoring_system epss
scoring_elements 0.26314
published_at 2026-04-18T12:55:00Z
2
value 0.00095
scoring_system epss
scoring_elements 0.2634
published_at 2026-04-16T12:55:00Z
3
value 0.00095
scoring_system epss
scoring_elements 0.26332
published_at 2026-04-13T12:55:00Z
4
value 0.00095
scoring_system epss
scoring_elements 0.2639
published_at 2026-04-12T12:55:00Z
5
value 0.00095
scoring_system epss
scoring_elements 0.26436
published_at 2026-04-11T12:55:00Z
6
value 0.00095
scoring_system epss
scoring_elements 0.26428
published_at 2026-04-09T12:55:00Z
7
value 0.00095
scoring_system epss
scoring_elements 0.26377
published_at 2026-04-08T12:55:00Z
8
value 0.00095
scoring_system epss
scoring_elements 0.2631
published_at 2026-04-07T12:55:00Z
9
value 0.00095
scoring_system epss
scoring_elements 0.26529
published_at 2026-04-04T12:55:00Z
10
value 0.00095
scoring_system epss
scoring_elements 0.26486
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22815
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-pw3c-h7wp-cvhx
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-pw3c-h7wp-cvhx
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-8.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-8.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
10
reference_url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1187
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1187
11
reference_url https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c
12
reference_url https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c
13
reference_url https://github.com/python-pillow/Pillow/pull/5920
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5920
14
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
15
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
16
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5053
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2042511
reference_id 2042511
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2042511
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22815
reference_id CVE-2022-22815
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22815
19
reference_url https://access.redhat.com/errata/RHSA-2022:0643
reference_id RHSA-2022:0643
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0643
20
reference_url https://usn.ubuntu.com/5227-1/
reference_id USN-5227-1
reference_type
scores
url https://usn.ubuntu.com/5227-1/
21
reference_url https://usn.ubuntu.com/5227-2/
reference_id USN-5227-2
reference_type
scores
url https://usn.ubuntu.com/5227-2/
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-5rv4-k1q9-zue2
2
vulnerability VCID-64n5-pugj-vue8
3
vulnerability VCID-9ckw-ra54-z3b7
4
vulnerability VCID-brp2-dtrf-jyfr
5
vulnerability VCID-d7uf-zdbv-sba1
6
vulnerability VCID-n1hp-atex-ubh4
7
vulnerability VCID-q4bb-qnxe-8bfa
8
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
aliases BIT-pillow-2022-22815, CVE-2022-22815, GHSA-pw3c-h7wp-cvhx, PYSEC-2022-8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dpc3-td9q-dyee
22
url VCID-e3gp-zc2b-budg
vulnerability_id VCID-e3gp-zc2b-budg
summary Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.
references
0
reference_url http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9189.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9189.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9189
reference_id
reference_type
scores
0
value 0.00358
scoring_system epss
scoring_elements 0.58046
published_at 2026-04-12T12:55:00Z
1
value 0.00358
scoring_system epss
scoring_elements 0.58069
published_at 2026-04-11T12:55:00Z
2
value 0.00358
scoring_system epss
scoring_elements 0.58053
published_at 2026-04-09T12:55:00Z
3
value 0.00358
scoring_system epss
scoring_elements 0.58049
published_at 2026-04-08T12:55:00Z
4
value 0.00358
scoring_system epss
scoring_elements 0.57994
published_at 2026-04-07T12:55:00Z
5
value 0.00358
scoring_system epss
scoring_elements 0.5802
published_at 2026-04-04T12:55:00Z
6
value 0.00358
scoring_system epss
scoring_elements 0.57998
published_at 2026-04-02T12:55:00Z
7
value 0.00358
scoring_system epss
scoring_elements 0.58025
published_at 2026-04-13T12:55:00Z
8
value 0.00358
scoring_system epss
scoring_elements 0.57913
published_at 2026-04-01T12:55:00Z
9
value 0.00358
scoring_system epss
scoring_elements 0.58056
published_at 2026-04-18T12:55:00Z
10
value 0.00358
scoring_system epss
scoring_elements 0.58033
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9189
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9189
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9189
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9190
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9190
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-rwr3-c2q8-gm56
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rwr3-c2q8-gm56
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-8.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-8.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/issues/2105
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/issues/2105
10
reference_url https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca531f10da616d3ceaa0f
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca531f10da616d3ceaa0f
11
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-52
12
reference_url http://www.debian.org/security/2016/dsa-3710
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3710
13
reference_url http://www.securityfocus.com/bid/94234
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/94234
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1382000
reference_id 1382000
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1382000
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-9189
reference_id CVE-2016-9189
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-9189
16
reference_url https://usn.ubuntu.com/3229-1/
reference_id USN-3229-1
reference_type
scores
url https://usn.ubuntu.com/3229-1/
17
reference_url https://usn.ubuntu.com/3230-1/
reference_id USN-3230-1
reference_type
scores
url https://usn.ubuntu.com/3230-1/
fixed_packages
0
url pkg:pypi/pillow@3.3.2
purl pkg:pypi/pillow@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-6gyu-fzpg-c3bn
8
vulnerability VCID-8n2b-wvya-53e1
9
vulnerability VCID-9ckw-ra54-z3b7
10
vulnerability VCID-and9-6jty-pyeq
11
vulnerability VCID-aubw-tsmn-ffcq
12
vulnerability VCID-b3au-rcgp-2fag
13
vulnerability VCID-b5a2-83ej-puaw
14
vulnerability VCID-brp2-dtrf-jyfr
15
vulnerability VCID-cas2-jb3y-vyhz
16
vulnerability VCID-d7uf-zdbv-sba1
17
vulnerability VCID-df4x-jt3h-17hx
18
vulnerability VCID-dpc3-td9q-dyee
19
vulnerability VCID-en6t-uxtq-bfek
20
vulnerability VCID-g46h-p8jk-cuhc
21
vulnerability VCID-gvjw-funa-sqak
22
vulnerability VCID-h4x7-7fke-mqgp
23
vulnerability VCID-haum-8zpg-6kgf
24
vulnerability VCID-hmmq-5772-bycm
25
vulnerability VCID-khp6-9hfx-1kge
26
vulnerability VCID-m3tm-h4q9-9yay
27
vulnerability VCID-n1hp-atex-ubh4
28
vulnerability VCID-n1w5-f5p7-xuhb
29
vulnerability VCID-p6r3-puh1-zyg6
30
vulnerability VCID-q4bb-qnxe-8bfa
31
vulnerability VCID-rncf-9nf8-wud3
32
vulnerability VCID-sns1-ksqr-vbhr
33
vulnerability VCID-stft-hsk9-zfdy
34
vulnerability VCID-ue18-zzau-x7hy
35
vulnerability VCID-uf5t-asns-tudp
36
vulnerability VCID-vdzj-kqfy-d3b7
37
vulnerability VCID-vwbu-ruxm-tbh4
38
vulnerability VCID-vxh1-8rvt-kkak
39
vulnerability VCID-vyzt-df2u-h3cc
40
vulnerability VCID-w9uy-fnpm-cbak
41
vulnerability VCID-x15z-dejc-9ba6
42
vulnerability VCID-xesd-d294-7fcx
43
vulnerability VCID-xk66-1d31-2qbk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.3.2
aliases CVE-2016-9189, GHSA-rwr3-c2q8-gm56, PYSEC-2016-8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3gp-zc2b-budg
23
url VCID-en6t-uxtq-bfek
vulnerability_id VCID-en6t-uxtq-bfek
summary An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25289.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25289.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25289
reference_id
reference_type
scores
0
value 0.00206
scoring_system epss
scoring_elements 0.42926
published_at 2026-04-01T12:55:00Z
1
value 0.00206
scoring_system epss
scoring_elements 0.43036
published_at 2026-04-18T12:55:00Z
2
value 0.00206
scoring_system epss
scoring_elements 0.43048
published_at 2026-04-16T12:55:00Z
3
value 0.00206
scoring_system epss
scoring_elements 0.42988
published_at 2026-04-13T12:55:00Z
4
value 0.00206
scoring_system epss
scoring_elements 0.43005
published_at 2026-04-12T12:55:00Z
5
value 0.00206
scoring_system epss
scoring_elements 0.4304
published_at 2026-04-11T12:55:00Z
6
value 0.00206
scoring_system epss
scoring_elements 0.43017
published_at 2026-04-09T12:55:00Z
7
value 0.00206
scoring_system epss
scoring_elements 0.43004
published_at 2026-04-08T12:55:00Z
8
value 0.00206
scoring_system epss
scoring_elements 0.42954
published_at 2026-04-07T12:55:00Z
9
value 0.00206
scoring_system epss
scoring_elements 0.43018
published_at 2026-04-04T12:55:00Z
10
value 0.00206
scoring_system epss
scoring_elements 0.4299
published_at 2026-04-02T12:55:00Z
11
value 0.00762
scoring_system epss
scoring_elements 0.73401
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25289
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25289
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25289
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-57h3-9rgr-c24m
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-57h3-9rgr-c24m
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-35.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-35.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/3fee28eb9479bf7d59e0fa08068f9cc4a6e2f04c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/3fee28eb9479bf7d59e0fa08068f9cc4a6e2f04c
8
reference_url https://github.com/python-pillow/Pillow/commit/cbfdde7b1f2295059a20a539ee9960f0bec7b299
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/cbfdde7b1f2295059a20a539ee9960f0bec7b299
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25289
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25289
10
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
11
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1934680
reference_id 1934680
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1934680
13
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
14
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
15
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-9ckw-ra54-z3b7
8
vulnerability VCID-aubw-tsmn-ffcq
9
vulnerability VCID-brp2-dtrf-jyfr
10
vulnerability VCID-d7uf-zdbv-sba1
11
vulnerability VCID-df4x-jt3h-17hx
12
vulnerability VCID-dpc3-td9q-dyee
13
vulnerability VCID-g46h-p8jk-cuhc
14
vulnerability VCID-gvjw-funa-sqak
15
vulnerability VCID-n1hp-atex-ubh4
16
vulnerability VCID-n1w5-f5p7-xuhb
17
vulnerability VCID-q4bb-qnxe-8bfa
18
vulnerability VCID-ue18-zzau-x7hy
19
vulnerability VCID-vdzj-kqfy-d3b7
20
vulnerability VCID-vwbu-ruxm-tbh4
21
vulnerability VCID-vyzt-df2u-h3cc
22
vulnerability VCID-w9uy-fnpm-cbak
23
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases BIT-pillow-2021-25289, CVE-2021-25289, GHSA-57h3-9rgr-c24m, PYSEC-2021-35
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-en6t-uxtq-bfek
24
url VCID-g46h-p8jk-cuhc
vulnerability_id VCID-g46h-p8jk-cuhc
summary 
Infinite loop in Pillow
JpegImagePlugin may append an EOF marker to the end of a truncated file, so that the last segment of the data will still be processed by the decoder.

If the EOF marker is not detected as such however, this could lead to an infinite loop where JpegImagePlugin keeps trying to end the file.
references
0
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
1
reference_url https://github.com/python-pillow/Pillow/commit/baae9ec4b67c68e3adaf1208cf54e8de5e38a6fd
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/baae9ec4b67c68e3adaf1208cf54e8de5e38a6fd
2
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#ensure-jpegimageplugin-stops-at-the-end-of-a-truncated-file
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#ensure-jpegimageplugin-stops-at-the-end-of-a-truncated-file
3
reference_url https://github.com/advisories/GHSA-4fx9-vc88-q2xc
reference_id GHSA-4fx9-vc88-q2xc
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4fx9-vc88-q2xc
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-5rv4-k1q9-zue2
2
vulnerability VCID-64n5-pugj-vue8
3
vulnerability VCID-9ckw-ra54-z3b7
4
vulnerability VCID-brp2-dtrf-jyfr
5
vulnerability VCID-d7uf-zdbv-sba1
6
vulnerability VCID-n1hp-atex-ubh4
7
vulnerability VCID-q4bb-qnxe-8bfa
8
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
aliases GHSA-4fx9-vc88-q2xc, GMS-2022-347
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g46h-p8jk-cuhc
25
url VCID-gvjw-funa-sqak
vulnerability_id VCID-gvjw-funa-sqak
summary Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27923.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27923.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27923
reference_id
reference_type
scores
0
value 0.00419
scoring_system epss
scoring_elements 0.61835
published_at 2026-04-07T12:55:00Z
1
value 0.00419
scoring_system epss
scoring_elements 0.61885
published_at 2026-04-08T12:55:00Z
2
value 0.00419
scoring_system epss
scoring_elements 0.61759
published_at 2026-04-01T12:55:00Z
3
value 0.00419
scoring_system epss
scoring_elements 0.61833
published_at 2026-04-02T12:55:00Z
4
value 0.00419
scoring_system epss
scoring_elements 0.61864
published_at 2026-04-04T12:55:00Z
5
value 0.00419
scoring_system epss
scoring_elements 0.61937
published_at 2026-04-18T12:55:00Z
6
value 0.00419
scoring_system epss
scoring_elements 0.61933
published_at 2026-04-16T12:55:00Z
7
value 0.00419
scoring_system epss
scoring_elements 0.61889
published_at 2026-04-13T12:55:00Z
8
value 0.00419
scoring_system epss
scoring_elements 0.61909
published_at 2026-04-12T12:55:00Z
9
value 0.00419
scoring_system epss
scoring_elements 0.61921
published_at 2026-04-11T12:55:00Z
10
value 0.00419
scoring_system epss
scoring_elements 0.619
published_at 2026-04-09T12:55:00Z
11
value 0.00425
scoring_system epss
scoring_elements 0.62258
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27923
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27923
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27923
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-95q3-8gr9-gm8w
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-95q3-8gr9-gm8w
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-42.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-42.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27923
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27923
18
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
19
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
20
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1935401
reference_id 1935401
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1935401
22
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
23
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
24
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
25
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-9ckw-ra54-z3b7
8
vulnerability VCID-aubw-tsmn-ffcq
9
vulnerability VCID-brp2-dtrf-jyfr
10
vulnerability VCID-d7uf-zdbv-sba1
11
vulnerability VCID-df4x-jt3h-17hx
12
vulnerability VCID-dpc3-td9q-dyee
13
vulnerability VCID-g46h-p8jk-cuhc
14
vulnerability VCID-gvjw-funa-sqak
15
vulnerability VCID-n1hp-atex-ubh4
16
vulnerability VCID-n1w5-f5p7-xuhb
17
vulnerability VCID-q4bb-qnxe-8bfa
18
vulnerability VCID-ue18-zzau-x7hy
19
vulnerability VCID-vdzj-kqfy-d3b7
20
vulnerability VCID-vwbu-ruxm-tbh4
21
vulnerability VCID-vyzt-df2u-h3cc
22
vulnerability VCID-w9uy-fnpm-cbak
23
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
1
url pkg:pypi/pillow@8.1.2
purl pkg:pypi/pillow@8.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3uk9-eds5-rkgc
3
vulnerability VCID-5rv4-k1q9-zue2
4
vulnerability VCID-64n5-pugj-vue8
5
vulnerability VCID-9ckw-ra54-z3b7
6
vulnerability VCID-aubw-tsmn-ffcq
7
vulnerability VCID-brp2-dtrf-jyfr
8
vulnerability VCID-d7uf-zdbv-sba1
9
vulnerability VCID-df4x-jt3h-17hx
10
vulnerability VCID-dpc3-td9q-dyee
11
vulnerability VCID-g46h-p8jk-cuhc
12
vulnerability VCID-n1hp-atex-ubh4
13
vulnerability VCID-n1w5-f5p7-xuhb
14
vulnerability VCID-q4bb-qnxe-8bfa
15
vulnerability VCID-ue18-zzau-x7hy
16
vulnerability VCID-vdzj-kqfy-d3b7
17
vulnerability VCID-vwbu-ruxm-tbh4
18
vulnerability VCID-vyzt-df2u-h3cc
19
vulnerability VCID-w9uy-fnpm-cbak
20
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2
aliases BIT-pillow-2021-27923, CVE-2021-27923, GHSA-95q3-8gr9-gm8w, PYSEC-2021-42
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gvjw-funa-sqak
26
url VCID-h4x7-7fke-mqgp
vulnerability_id VCID-h4x7-7fke-mqgp
summary There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.
references
0
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
1
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
2
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
3
reference_url https://www.debian.org/security/2020/dsa-4631
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4631
fixed_packages
0
url pkg:pypi/pillow@6.2.2
purl pkg:pypi/pillow@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-6gyu-fzpg-c3bn
8
vulnerability VCID-7bjx-gkf7-cke9
9
vulnerability VCID-8n2b-wvya-53e1
10
vulnerability VCID-9ckw-ra54-z3b7
11
vulnerability VCID-and9-6jty-pyeq
12
vulnerability VCID-aubw-tsmn-ffcq
13
vulnerability VCID-b5a2-83ej-puaw
14
vulnerability VCID-brp2-dtrf-jyfr
15
vulnerability VCID-d7uf-zdbv-sba1
16
vulnerability VCID-df4x-jt3h-17hx
17
vulnerability VCID-dpc3-td9q-dyee
18
vulnerability VCID-en6t-uxtq-bfek
19
vulnerability VCID-g46h-p8jk-cuhc
20
vulnerability VCID-gvjw-funa-sqak
21
vulnerability VCID-haum-8zpg-6kgf
22
vulnerability VCID-khp6-9hfx-1kge
23
vulnerability VCID-n1hp-atex-ubh4
24
vulnerability VCID-n1w5-f5p7-xuhb
25
vulnerability VCID-p6r3-puh1-zyg6
26
vulnerability VCID-q4bb-qnxe-8bfa
27
vulnerability VCID-rncf-9nf8-wud3
28
vulnerability VCID-ue18-zzau-x7hy
29
vulnerability VCID-uf5t-asns-tudp
30
vulnerability VCID-vdzj-kqfy-d3b7
31
vulnerability VCID-vwbu-ruxm-tbh4
32
vulnerability VCID-vxh1-8rvt-kkak
33
vulnerability VCID-vyzt-df2u-h3cc
34
vulnerability VCID-w9uy-fnpm-cbak
35
vulnerability VCID-x15z-dejc-9ba6
36
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2
aliases PYSEC-2020-191
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4x7-7fke-mqgp
27
url VCID-haum-8zpg-6kgf
vulnerability_id VCID-haum-8zpg-6kgf
summary Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10177.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10177.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10177
reference_id
reference_type
scores
0
value 0.00319
scoring_system epss
scoring_elements 0.54996
published_at 2026-04-21T12:55:00Z
1
value 0.00319
scoring_system epss
scoring_elements 0.55018
published_at 2026-04-18T12:55:00Z
2
value 0.00319
scoring_system epss
scoring_elements 0.55015
published_at 2026-04-16T12:55:00Z
3
value 0.00319
scoring_system epss
scoring_elements 0.54978
published_at 2026-04-13T12:55:00Z
4
value 0.00319
scoring_system epss
scoring_elements 0.55
published_at 2026-04-12T12:55:00Z
5
value 0.00319
scoring_system epss
scoring_elements 0.55019
published_at 2026-04-11T12:55:00Z
6
value 0.00319
scoring_system epss
scoring_elements 0.55007
published_at 2026-04-09T12:55:00Z
7
value 0.00319
scoring_system epss
scoring_elements 0.54958
published_at 2026-04-07T12:55:00Z
8
value 0.00319
scoring_system epss
scoring_elements 0.54988
published_at 2026-04-04T12:55:00Z
9
value 0.00319
scoring_system epss
scoring_elements 0.54962
published_at 2026-04-02T12:55:00Z
10
value 0.00319
scoring_system epss
scoring_elements 0.54892
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10177
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10177
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10177
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-cqhg-xjhh-p8hf
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-cqhg-xjhh-p8hf
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-76.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-76.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/00c6dd72d9ed0124cec81040b4bab0979a200fe2
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/00c6dd72d9ed0124cec81040b4bab0979a200fe2
8
reference_url https://github.com/python-pillow/Pillow/commit/088ce4df981b70fbec140ee54417bcb49a7dffca
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/088ce4df981b70fbec140ee54417bcb49a7dffca
9
reference_url https://github.com/python-pillow/Pillow/commit/11ef7ca53a7d0af4bc52666c29199deffa5fc1bd
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/11ef7ca53a7d0af4bc52666c29199deffa5fc1bd
10
reference_url https://github.com/python-pillow/Pillow/commit/19ff42bd683486a8a308743c76972ef6a6482e9b
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/19ff42bd683486a8a308743c76972ef6a6482e9b
11
reference_url https://github.com/python-pillow/Pillow/commit/5b490fc413dfab2d52de46a58905c25d9badb650
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/5b490fc413dfab2d52de46a58905c25d9badb650
12
reference_url https://github.com/python-pillow/Pillow/commit/8d4f3c0c5f2fecf175aeb895e9c2d6d06d85bdc9
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/8d4f3c0c5f2fecf175aeb895e9c2d6d06d85bdc9
13
reference_url https://github.com/python-pillow/Pillow/commit/b4e439d6d7fd986cd6b4c7f9ca18830d79dacd44
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/b4e439d6d7fd986cd6b4c7f9ca18830d79dacd44
14
reference_url https://github.com/python-pillow/Pillow/commit/c5edc361fd6450f805a6a444723b0f68190b1d0c
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/c5edc361fd6450f805a6a444723b0f68190b1d0c
15
reference_url https://github.com/python-pillow/Pillow/commit/c66d8aa75436f334f686fe32bca8e414bcdd18e6
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/c66d8aa75436f334f686fe32bca8e414bcdd18e6
16
reference_url https://github.com/python-pillow/Pillow/commit/c88b0204d7c930e3bd72626ae6ea078571cc0ea7
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/c88b0204d7c930e3bd72626ae6ea078571cc0ea7
17
reference_url https://github.com/python-pillow/Pillow/commit/f6926a041b4b544fd2ced3752542afb6c8c19405
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/f6926a041b4b544fd2ced3752542afb6c8c19405
18
reference_url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
19
reference_url https://github.com/python-pillow/Pillow/issues/4750
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/issues/4750
20
reference_url https://github.com/python-pillow/Pillow/pull/4503
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/4503
21
reference_url https://github.com/python-pillow/Pillow/pull/4538
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/4538
22
reference_url https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10177
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10177
28
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html
29
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
30
reference_url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574573
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574573
31
reference_url https://usn.ubuntu.com/4430-1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4430-1
32
reference_url https://usn.ubuntu.com/4430-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-1/
33
reference_url https://usn.ubuntu.com/4430-2
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4430-2
34
reference_url https://usn.ubuntu.com/4430-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-2/
35
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1852824
reference_id 1852824
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1852824
36
reference_url https://access.redhat.com/errata/RHSA-2021:0420
reference_id RHSA-2021:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0420
37
reference_url https://usn.ubuntu.com/4697-2/
reference_id USN-4697-2
reference_type
scores
url https://usn.ubuntu.com/4697-2/
fixed_packages
0
url pkg:pypi/pillow@7.1.0
purl pkg:pypi/pillow@7.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-6gyu-fzpg-c3bn
8
vulnerability VCID-7bjx-gkf7-cke9
9
vulnerability VCID-9ckw-ra54-z3b7
10
vulnerability VCID-aubw-tsmn-ffcq
11
vulnerability VCID-brp2-dtrf-jyfr
12
vulnerability VCID-d7uf-zdbv-sba1
13
vulnerability VCID-df4x-jt3h-17hx
14
vulnerability VCID-dpc3-td9q-dyee
15
vulnerability VCID-en6t-uxtq-bfek
16
vulnerability VCID-g46h-p8jk-cuhc
17
vulnerability VCID-gvjw-funa-sqak
18
vulnerability VCID-khp6-9hfx-1kge
19
vulnerability VCID-n1hp-atex-ubh4
20
vulnerability VCID-n1w5-f5p7-xuhb
21
vulnerability VCID-p6r3-puh1-zyg6
22
vulnerability VCID-q4bb-qnxe-8bfa
23
vulnerability VCID-rncf-9nf8-wud3
24
vulnerability VCID-ue18-zzau-x7hy
25
vulnerability VCID-vdzj-kqfy-d3b7
26
vulnerability VCID-vwbu-ruxm-tbh4
27
vulnerability VCID-vxh1-8rvt-kkak
28
vulnerability VCID-vyzt-df2u-h3cc
29
vulnerability VCID-w9uy-fnpm-cbak
30
vulnerability VCID-x15z-dejc-9ba6
31
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0
aliases BIT-pillow-2020-10177, CVE-2020-10177, GHSA-cqhg-xjhh-p8hf, PYSEC-2020-76
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-haum-8zpg-6kgf
28
url VCID-hmmq-5772-bycm
vulnerability_id VCID-hmmq-5772-bycm
summary libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5313.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5313.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5313
reference_id
reference_type
scores
0
value 0.00551
scoring_system epss
scoring_elements 0.68008
published_at 2026-04-21T12:55:00Z
1
value 0.00551
scoring_system epss
scoring_elements 0.68026
published_at 2026-04-18T12:55:00Z
2
value 0.00551
scoring_system epss
scoring_elements 0.68013
published_at 2026-04-16T12:55:00Z
3
value 0.00551
scoring_system epss
scoring_elements 0.67976
published_at 2026-04-13T12:55:00Z
4
value 0.00551
scoring_system epss
scoring_elements 0.6801
published_at 2026-04-12T12:55:00Z
5
value 0.00551
scoring_system epss
scoring_elements 0.68024
published_at 2026-04-11T12:55:00Z
6
value 0.00551
scoring_system epss
scoring_elements 0.68
published_at 2026-04-09T12:55:00Z
7
value 0.00551
scoring_system epss
scoring_elements 0.67987
published_at 2026-04-08T12:55:00Z
8
value 0.00551
scoring_system epss
scoring_elements 0.67936
published_at 2026-04-07T12:55:00Z
9
value 0.00551
scoring_system epss
scoring_elements 0.67957
published_at 2026-04-04T12:55:00Z
10
value 0.00551
scoring_system epss
scoring_elements 0.67938
published_at 2026-04-02T12:55:00Z
11
value 0.00551
scoring_system epss
scoring_elements 0.67915
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5313
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19911
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5312
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5312
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5313
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5313
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-hj69-c76v-86wr
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hj69-c76v-86wr
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-84.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-84.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst#622-2020-01-02
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst#622-2020-01-02
10
reference_url https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5313
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5313
16
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
17
reference_url https://usn.ubuntu.com/4272-1
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4272-1
18
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
19
reference_url https://www.debian.org/security/2020/dsa-4631
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4631
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1789532
reference_id 1789532
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1789532
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948224
reference_id 948224
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948224
22
reference_url https://access.redhat.com/errata/RHSA-2020:3185
reference_id RHSA-2020:3185
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3185
23
reference_url https://access.redhat.com/errata/RHSA-2020:3887
reference_id RHSA-2020:3887
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3887
24
reference_url https://access.redhat.com/errata/RHSA-2021:0420
reference_id RHSA-2021:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0420
fixed_packages
0
url pkg:pypi/pillow@6.2.2
purl pkg:pypi/pillow@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-6gyu-fzpg-c3bn
8
vulnerability VCID-7bjx-gkf7-cke9
9
vulnerability VCID-8n2b-wvya-53e1
10
vulnerability VCID-9ckw-ra54-z3b7
11
vulnerability VCID-and9-6jty-pyeq
12
vulnerability VCID-aubw-tsmn-ffcq
13
vulnerability VCID-b5a2-83ej-puaw
14
vulnerability VCID-brp2-dtrf-jyfr
15
vulnerability VCID-d7uf-zdbv-sba1
16
vulnerability VCID-df4x-jt3h-17hx
17
vulnerability VCID-dpc3-td9q-dyee
18
vulnerability VCID-en6t-uxtq-bfek
19
vulnerability VCID-g46h-p8jk-cuhc
20
vulnerability VCID-gvjw-funa-sqak
21
vulnerability VCID-haum-8zpg-6kgf
22
vulnerability VCID-khp6-9hfx-1kge
23
vulnerability VCID-n1hp-atex-ubh4
24
vulnerability VCID-n1w5-f5p7-xuhb
25
vulnerability VCID-p6r3-puh1-zyg6
26
vulnerability VCID-q4bb-qnxe-8bfa
27
vulnerability VCID-rncf-9nf8-wud3
28
vulnerability VCID-ue18-zzau-x7hy
29
vulnerability VCID-uf5t-asns-tudp
30
vulnerability VCID-vdzj-kqfy-d3b7
31
vulnerability VCID-vwbu-ruxm-tbh4
32
vulnerability VCID-vxh1-8rvt-kkak
33
vulnerability VCID-vyzt-df2u-h3cc
34
vulnerability VCID-w9uy-fnpm-cbak
35
vulnerability VCID-x15z-dejc-9ba6
36
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2
aliases BIT-pillow-2020-5313, CVE-2020-5313, GHSA-hj69-c76v-86wr, PYSEC-2020-84
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hmmq-5772-bycm
29
url VCID-khp6-9hfx-1kge
vulnerability_id VCID-khp6-9hfx-1kge
summary 
Uncontrolled Resource Consumption in pillow
### Impact
_Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large._

### Patches
_An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image._

### Workarounds
_An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image._

### References
https://nvd.nist.gov/vuln/detail/CVE-2021-27921

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [example link to repo](http://example.com)
* Email us at [example email address](mailto:example@example.com)
references
0
reference_url https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3
1
reference_url https://github.com/advisories/GHSA-jgpv-4h4c-xhw3
reference_id GHSA-jgpv-4h4c-xhw3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jgpv-4h4c-xhw3
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-9ckw-ra54-z3b7
8
vulnerability VCID-aubw-tsmn-ffcq
9
vulnerability VCID-brp2-dtrf-jyfr
10
vulnerability VCID-d7uf-zdbv-sba1
11
vulnerability VCID-df4x-jt3h-17hx
12
vulnerability VCID-dpc3-td9q-dyee
13
vulnerability VCID-g46h-p8jk-cuhc
14
vulnerability VCID-gvjw-funa-sqak
15
vulnerability VCID-n1hp-atex-ubh4
16
vulnerability VCID-n1w5-f5p7-xuhb
17
vulnerability VCID-q4bb-qnxe-8bfa
18
vulnerability VCID-ue18-zzau-x7hy
19
vulnerability VCID-vdzj-kqfy-d3b7
20
vulnerability VCID-vwbu-ruxm-tbh4
21
vulnerability VCID-vyzt-df2u-h3cc
22
vulnerability VCID-w9uy-fnpm-cbak
23
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
1
url pkg:pypi/pillow@8.1.2
purl pkg:pypi/pillow@8.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3uk9-eds5-rkgc
3
vulnerability VCID-5rv4-k1q9-zue2
4
vulnerability VCID-64n5-pugj-vue8
5
vulnerability VCID-9ckw-ra54-z3b7
6
vulnerability VCID-aubw-tsmn-ffcq
7
vulnerability VCID-brp2-dtrf-jyfr
8
vulnerability VCID-d7uf-zdbv-sba1
9
vulnerability VCID-df4x-jt3h-17hx
10
vulnerability VCID-dpc3-td9q-dyee
11
vulnerability VCID-g46h-p8jk-cuhc
12
vulnerability VCID-n1hp-atex-ubh4
13
vulnerability VCID-n1w5-f5p7-xuhb
14
vulnerability VCID-q4bb-qnxe-8bfa
15
vulnerability VCID-ue18-zzau-x7hy
16
vulnerability VCID-vdzj-kqfy-d3b7
17
vulnerability VCID-vwbu-ruxm-tbh4
18
vulnerability VCID-vyzt-df2u-h3cc
19
vulnerability VCID-w9uy-fnpm-cbak
20
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.2
aliases GHSA-jgpv-4h4c-xhw3, GMS-2021-167
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-khp6-9hfx-1kge
30
url VCID-m3tm-h4q9-9yay
vulnerability_id VCID-m3tm-h4q9-9yay
summary libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0566
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0566
1
reference_url https://access.redhat.com/errata/RHSA-2020:0580
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0580
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5311.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5311.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5311
reference_id
reference_type
scores
0
value 0.01304
scoring_system epss
scoring_elements 0.79754
published_at 2026-04-09T12:55:00Z
1
value 0.01304
scoring_system epss
scoring_elements 0.79747
published_at 2026-04-08T12:55:00Z
2
value 0.01304
scoring_system epss
scoring_elements 0.79718
published_at 2026-04-07T12:55:00Z
3
value 0.01304
scoring_system epss
scoring_elements 0.79733
published_at 2026-04-04T12:55:00Z
4
value 0.01304
scoring_system epss
scoring_elements 0.79712
published_at 2026-04-02T12:55:00Z
5
value 0.01304
scoring_system epss
scoring_elements 0.79705
published_at 2026-04-01T12:55:00Z
6
value 0.01304
scoring_system epss
scoring_elements 0.79785
published_at 2026-04-21T12:55:00Z
7
value 0.01304
scoring_system epss
scoring_elements 0.7978
published_at 2026-04-16T12:55:00Z
8
value 0.01304
scoring_system epss
scoring_elements 0.79753
published_at 2026-04-13T12:55:00Z
9
value 0.01304
scoring_system epss
scoring_elements 0.7976
published_at 2026-04-12T12:55:00Z
10
value 0.01304
scoring_system epss
scoring_elements 0.79776
published_at 2026-04-11T12:55:00Z
11
value 0.01304
scoring_system epss
scoring_elements 0.79781
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5311
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5311
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5311
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-r7rm-8j6h-r933
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-r7rm-8j6h-r933
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-82.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-82.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5311
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5311
15
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
16
reference_url https://usn.ubuntu.com/4272-1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4272-1
17
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
18
reference_url https://www.debian.org/security/2020/dsa-4631
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4631
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1789535
reference_id 1789535
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1789535
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948224
reference_id 948224
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948224
21
reference_url https://access.redhat.com/errata/RHSA-2021:0420
reference_id RHSA-2021:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0420
fixed_packages
0
url pkg:pypi/pillow@6.2.2
purl pkg:pypi/pillow@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-6gyu-fzpg-c3bn
8
vulnerability VCID-7bjx-gkf7-cke9
9
vulnerability VCID-8n2b-wvya-53e1
10
vulnerability VCID-9ckw-ra54-z3b7
11
vulnerability VCID-and9-6jty-pyeq
12
vulnerability VCID-aubw-tsmn-ffcq
13
vulnerability VCID-b5a2-83ej-puaw
14
vulnerability VCID-brp2-dtrf-jyfr
15
vulnerability VCID-d7uf-zdbv-sba1
16
vulnerability VCID-df4x-jt3h-17hx
17
vulnerability VCID-dpc3-td9q-dyee
18
vulnerability VCID-en6t-uxtq-bfek
19
vulnerability VCID-g46h-p8jk-cuhc
20
vulnerability VCID-gvjw-funa-sqak
21
vulnerability VCID-haum-8zpg-6kgf
22
vulnerability VCID-khp6-9hfx-1kge
23
vulnerability VCID-n1hp-atex-ubh4
24
vulnerability VCID-n1w5-f5p7-xuhb
25
vulnerability VCID-p6r3-puh1-zyg6
26
vulnerability VCID-q4bb-qnxe-8bfa
27
vulnerability VCID-rncf-9nf8-wud3
28
vulnerability VCID-ue18-zzau-x7hy
29
vulnerability VCID-uf5t-asns-tudp
30
vulnerability VCID-vdzj-kqfy-d3b7
31
vulnerability VCID-vwbu-ruxm-tbh4
32
vulnerability VCID-vxh1-8rvt-kkak
33
vulnerability VCID-vyzt-df2u-h3cc
34
vulnerability VCID-w9uy-fnpm-cbak
35
vulnerability VCID-x15z-dejc-9ba6
36
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2
aliases BIT-pillow-2020-5311, CVE-2020-5311, GHSA-r7rm-8j6h-r933, PYSEC-2020-82
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m3tm-h4q9-9yay
31
url VCID-ma2g-2f8d-dqa9
vulnerability_id VCID-ma2g-2f8d-dqa9
summary The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3598.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3598.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3598
reference_id
reference_type
scores
0
value 0.00403
scoring_system epss
scoring_elements 0.6083
published_at 2026-04-04T12:55:00Z
1
value 0.00403
scoring_system epss
scoring_elements 0.6088
published_at 2026-04-11T12:55:00Z
2
value 0.00403
scoring_system epss
scoring_elements 0.60859
published_at 2026-04-09T12:55:00Z
3
value 0.00403
scoring_system epss
scoring_elements 0.60843
published_at 2026-04-08T12:55:00Z
4
value 0.00403
scoring_system epss
scoring_elements 0.60794
published_at 2026-04-07T12:55:00Z
5
value 0.00403
scoring_system epss
scoring_elements 0.60728
published_at 2026-04-01T12:55:00Z
6
value 0.00403
scoring_system epss
scoring_elements 0.608
published_at 2026-04-02T12:55:00Z
7
value 0.00403
scoring_system epss
scoring_elements 0.60878
published_at 2026-04-21T12:55:00Z
8
value 0.00403
scoring_system epss
scoring_elements 0.60894
published_at 2026-04-18T12:55:00Z
9
value 0.00403
scoring_system epss
scoring_elements 0.6089
published_at 2026-04-16T12:55:00Z
10
value 0.00403
scoring_system epss
scoring_elements 0.60848
published_at 2026-04-13T12:55:00Z
11
value 0.00403
scoring_system epss
scoring_elements 0.60867
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3598
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3598
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3598
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2015-15.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2015-15.yaml
5
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
6
reference_url https://github.com/python-pillow/Pillow/commit/347a1d8d956f9e64af4463ee25311b60cdd5657d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/347a1d8d956f9e64af4463ee25311b60cdd5657d
7
reference_url https://pypi.python.org/pypi/Pillow/2.5.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.python.org/pypi/Pillow/2.5.3
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1163441
reference_id 1163441
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1163441
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3598
reference_id CVE-2014-3598
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3598
10
reference_url https://github.com/advisories/GHSA-j6f7-g425-4gmx
reference_id GHSA-j6f7-g425-4gmx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j6f7-g425-4gmx
fixed_packages
0
url pkg:pypi/pillow@2.5.3
purl pkg:pypi/pillow@2.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-366h-8f99-r7at
3
vulnerability VCID-3qb5-8p8w-gkad
4
vulnerability VCID-3uk9-eds5-rkgc
5
vulnerability VCID-53ac-ceq4-qkhf
6
vulnerability VCID-5rv4-k1q9-zue2
7
vulnerability VCID-64n5-pugj-vue8
8
vulnerability VCID-6gyu-fzpg-c3bn
9
vulnerability VCID-8n2b-wvya-53e1
10
vulnerability VCID-9ckw-ra54-z3b7
11
vulnerability VCID-and9-6jty-pyeq
12
vulnerability VCID-aubw-tsmn-ffcq
13
vulnerability VCID-avx2-mahw-mqes
14
vulnerability VCID-b3au-rcgp-2fag
15
vulnerability VCID-b5a2-83ej-puaw
16
vulnerability VCID-brp2-dtrf-jyfr
17
vulnerability VCID-cas2-jb3y-vyhz
18
vulnerability VCID-d7uf-zdbv-sba1
19
vulnerability VCID-df4x-jt3h-17hx
20
vulnerability VCID-dgds-v95g-pbcv
21
vulnerability VCID-dpc3-td9q-dyee
22
vulnerability VCID-e3gp-zc2b-budg
23
vulnerability VCID-en6t-uxtq-bfek
24
vulnerability VCID-g46h-p8jk-cuhc
25
vulnerability VCID-gvjw-funa-sqak
26
vulnerability VCID-h4x7-7fke-mqgp
27
vulnerability VCID-haum-8zpg-6kgf
28
vulnerability VCID-hmmq-5772-bycm
29
vulnerability VCID-khp6-9hfx-1kge
30
vulnerability VCID-m3tm-h4q9-9yay
31
vulnerability VCID-n1hp-atex-ubh4
32
vulnerability VCID-n1w5-f5p7-xuhb
33
vulnerability VCID-p6r3-puh1-zyg6
34
vulnerability VCID-q4bb-qnxe-8bfa
35
vulnerability VCID-qjqr-jyjn-xfh9
36
vulnerability VCID-rncf-9nf8-wud3
37
vulnerability VCID-sns1-ksqr-vbhr
38
vulnerability VCID-stft-hsk9-zfdy
39
vulnerability VCID-u1en-t8ux-uube
40
vulnerability VCID-ue18-zzau-x7hy
41
vulnerability VCID-uf5t-asns-tudp
42
vulnerability VCID-vdzj-kqfy-d3b7
43
vulnerability VCID-vwbu-ruxm-tbh4
44
vulnerability VCID-vxh1-8rvt-kkak
45
vulnerability VCID-vyzt-df2u-h3cc
46
vulnerability VCID-w9uy-fnpm-cbak
47
vulnerability VCID-x15z-dejc-9ba6
48
vulnerability VCID-xesd-d294-7fcx
49
vulnerability VCID-xk66-1d31-2qbk
50
vulnerability VCID-yccg-zw89-vqff
51
vulnerability VCID-zmd3-henq-r7bd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.5.3
aliases CVE-2014-3598, GHSA-j6f7-g425-4gmx, PYSEC-2015-15
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ma2g-2f8d-dqa9
32
url VCID-n1hp-atex-ubh4
vulnerability_id VCID-n1hp-atex-ubh4
summary An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44271.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44271.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-44271
reference_id
reference_type
scores
0
value 0.00218
scoring_system epss
scoring_elements 0.44438
published_at 2026-04-18T12:55:00Z
1
value 0.00218
scoring_system epss
scoring_elements 0.44447
published_at 2026-04-16T12:55:00Z
2
value 0.00218
scoring_system epss
scoring_elements 0.44392
published_at 2026-04-12T12:55:00Z
3
value 0.00218
scoring_system epss
scoring_elements 0.44391
published_at 2026-04-13T12:55:00Z
4
value 0.00218
scoring_system epss
scoring_elements 0.44406
published_at 2026-04-09T12:55:00Z
5
value 0.00218
scoring_system epss
scoring_elements 0.44399
published_at 2026-04-08T12:55:00Z
6
value 0.00218
scoring_system epss
scoring_elements 0.44347
published_at 2026-04-07T12:55:00Z
7
value 0.00218
scoring_system epss
scoring_elements 0.44413
published_at 2026-04-04T12:55:00Z
8
value 0.00218
scoring_system epss
scoring_elements 0.44423
published_at 2026-04-11T12:55:00Z
9
value 0.00224
scoring_system epss
scoring_elements 0.45083
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-44271
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219
5
reference_url https://devhub.checkmarx.com/cve-details/CVE-2023-44271/
reference_id
reference_type
scores
url https://devhub.checkmarx.com/cve-details/CVE-2023-44271/
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-227.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-227.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
10
reference_url https://github.com/python-pillow/Pillow/pull/7244
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/7244
11
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2247820
reference_id 2247820
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2247820
14
reference_url https://devhub.checkmarx.com/cve-details/CVE-2023-44271
reference_id CVE-2023-44271
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://devhub.checkmarx.com/cve-details/CVE-2023-44271
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44271
reference_id CVE-2023-44271
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-44271
16
reference_url https://github.com/advisories/GHSA-8ghj-p4vj-mr35
reference_id GHSA-8ghj-p4vj-mr35
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8ghj-p4vj-mr35
17
reference_url https://security.gentoo.org/glsa/202405-12
reference_id GLSA-202405-12
reference_type
scores
url https://security.gentoo.org/glsa/202405-12
18
reference_url https://access.redhat.com/errata/RHSA-2024:0345
reference_id RHSA-2024:0345
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0345
19
reference_url https://access.redhat.com/errata/RHSA-2024:1057
reference_id RHSA-2024:1057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1057
20
reference_url https://access.redhat.com/errata/RHSA-2024:3005
reference_id RHSA-2024:3005
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3005
21
reference_url https://usn.ubuntu.com/6618-1/
reference_id USN-6618-1
reference_type
scores
url https://usn.ubuntu.com/6618-1/
22
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@10.0.0
purl pkg:pypi/pillow@10.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5rv4-k1q9-zue2
1
vulnerability VCID-64n5-pugj-vue8
2
vulnerability VCID-9ckw-ra54-z3b7
3
vulnerability VCID-d7uf-zdbv-sba1
4
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.0
aliases BIT-pillow-2023-44271, CVE-2023-44271, GHSA-8ghj-p4vj-mr35, PYSEC-2023-227
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n1hp-atex-ubh4
33
url VCID-n1w5-f5p7-xuhb
vulnerability_id VCID-n1w5-f5p7-xuhb
summary An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25287.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25287.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25287
reference_id
reference_type
scores
0
value 0.00343
scoring_system epss
scoring_elements 0.57007
published_at 2026-04-18T12:55:00Z
1
value 0.00343
scoring_system epss
scoring_elements 0.5701
published_at 2026-04-16T12:55:00Z
2
value 0.00343
scoring_system epss
scoring_elements 0.56981
published_at 2026-04-13T12:55:00Z
3
value 0.00343
scoring_system epss
scoring_elements 0.57005
published_at 2026-04-12T12:55:00Z
4
value 0.00343
scoring_system epss
scoring_elements 0.57025
published_at 2026-04-11T12:55:00Z
5
value 0.00343
scoring_system epss
scoring_elements 0.57014
published_at 2026-04-09T12:55:00Z
6
value 0.00343
scoring_system epss
scoring_elements 0.57011
published_at 2026-04-08T12:55:00Z
7
value 0.00343
scoring_system epss
scoring_elements 0.56963
published_at 2026-04-02T12:55:00Z
8
value 0.00343
scoring_system epss
scoring_elements 0.56961
published_at 2026-04-07T12:55:00Z
9
value 0.00343
scoring_system epss
scoring_elements 0.56985
published_at 2026-04-04T12:55:00Z
10
value 0.00343
scoring_system epss
scoring_elements 0.56866
published_at 2026-04-01T12:55:00Z
11
value 0.00353
scoring_system epss
scoring_elements 0.57699
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25287
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-77gc-v2xv-rvvh
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-77gc-v2xv-rvvh
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-137.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-137.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
8
reference_url https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
9
reference_url https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25287
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25287
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
14
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1958226
reference_id 1958226
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1958226
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
reference_id 989062
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
17
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
18
reference_url https://usn.ubuntu.com/4963-1/
reference_id USN-4963-1
reference_type
scores
url https://usn.ubuntu.com/4963-1/
19
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-5rv4-k1q9-zue2
3
vulnerability VCID-64n5-pugj-vue8
4
vulnerability VCID-9ckw-ra54-z3b7
5
vulnerability VCID-brp2-dtrf-jyfr
6
vulnerability VCID-d7uf-zdbv-sba1
7
vulnerability VCID-df4x-jt3h-17hx
8
vulnerability VCID-dpc3-td9q-dyee
9
vulnerability VCID-g46h-p8jk-cuhc
10
vulnerability VCID-n1hp-atex-ubh4
11
vulnerability VCID-q4bb-qnxe-8bfa
12
vulnerability VCID-vdzj-kqfy-d3b7
13
vulnerability VCID-w9uy-fnpm-cbak
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases BIT-pillow-2021-25287, CVE-2021-25287, GHSA-77gc-v2xv-rvvh, PYSEC-2021-137
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n1w5-f5p7-xuhb
34
url VCID-p6r3-puh1-zyg6
vulnerability_id VCID-p6r3-puh1-zyg6
summary An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25293.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25293.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25293
reference_id
reference_type
scores
0
value 0.001
scoring_system epss
scoring_elements 0.27731
published_at 2026-04-16T12:55:00Z
1
value 0.001
scoring_system epss
scoring_elements 0.27723
published_at 2026-04-13T12:55:00Z
2
value 0.001
scoring_system epss
scoring_elements 0.2778
published_at 2026-04-12T12:55:00Z
3
value 0.001
scoring_system epss
scoring_elements 0.27822
published_at 2026-04-11T12:55:00Z
4
value 0.001
scoring_system epss
scoring_elements 0.27816
published_at 2026-04-09T12:55:00Z
5
value 0.001
scoring_system epss
scoring_elements 0.27773
published_at 2026-04-08T12:55:00Z
6
value 0.001
scoring_system epss
scoring_elements 0.27705
published_at 2026-04-18T12:55:00Z
7
value 0.001
scoring_system epss
scoring_elements 0.27913
published_at 2026-04-04T12:55:00Z
8
value 0.001
scoring_system epss
scoring_elements 0.27873
published_at 2026-04-02T12:55:00Z
9
value 0.001
scoring_system epss
scoring_elements 0.27823
published_at 2026-04-01T12:55:00Z
10
value 0.00169
scoring_system epss
scoring_elements 0.38018
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25293
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25293
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25293
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-p43w-g3c5-g5mq
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-p43w-g3c5-g5mq
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-39.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-39.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/4853e522bddbec66022c0915b9a56255d0188bf9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/4853e522bddbec66022c0915b9a56255d0188bf9
8
reference_url https://github.com/python-pillow/Pillow/commit/f891baa604636cd2506a9360d170bc2cf4963cc5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/f891baa604636cd2506a9360d170bc2cf4963cc5
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25293
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25293
10
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
11
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1934705
reference_id 1934705
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1934705
13
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
14
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
15
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
16
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-9ckw-ra54-z3b7
8
vulnerability VCID-aubw-tsmn-ffcq
9
vulnerability VCID-brp2-dtrf-jyfr
10
vulnerability VCID-d7uf-zdbv-sba1
11
vulnerability VCID-df4x-jt3h-17hx
12
vulnerability VCID-dpc3-td9q-dyee
13
vulnerability VCID-g46h-p8jk-cuhc
14
vulnerability VCID-gvjw-funa-sqak
15
vulnerability VCID-n1hp-atex-ubh4
16
vulnerability VCID-n1w5-f5p7-xuhb
17
vulnerability VCID-q4bb-qnxe-8bfa
18
vulnerability VCID-ue18-zzau-x7hy
19
vulnerability VCID-vdzj-kqfy-d3b7
20
vulnerability VCID-vwbu-ruxm-tbh4
21
vulnerability VCID-vyzt-df2u-h3cc
22
vulnerability VCID-w9uy-fnpm-cbak
23
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases BIT-pillow-2021-25293, CVE-2021-25293, GHSA-p43w-g3c5-g5mq, PYSEC-2021-39
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p6r3-puh1-zyg6
35
url VCID-q4bb-qnxe-8bfa
vulnerability_id VCID-q4bb-qnxe-8bfa
summary PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22817.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22817.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-22817
reference_id
reference_type
scores
0
value 0.02781
scoring_system epss
scoring_elements 0.86079
published_at 2026-04-21T12:55:00Z
1
value 0.02781
scoring_system epss
scoring_elements 0.86086
published_at 2026-04-18T12:55:00Z
2
value 0.02781
scoring_system epss
scoring_elements 0.86081
published_at 2026-04-16T12:55:00Z
3
value 0.02781
scoring_system epss
scoring_elements 0.86064
published_at 2026-04-13T12:55:00Z
4
value 0.02781
scoring_system epss
scoring_elements 0.86068
published_at 2026-04-12T12:55:00Z
5
value 0.02781
scoring_system epss
scoring_elements 0.86071
published_at 2026-04-11T12:55:00Z
6
value 0.02781
scoring_system epss
scoring_elements 0.86057
published_at 2026-04-09T12:55:00Z
7
value 0.02781
scoring_system epss
scoring_elements 0.86047
published_at 2026-04-08T12:55:00Z
8
value 0.02781
scoring_system epss
scoring_elements 0.86027
published_at 2026-04-07T12:55:00Z
9
value 0.02781
scoring_system epss
scoring_elements 0.86028
published_at 2026-04-04T12:55:00Z
10
value 0.02781
scoring_system epss
scoring_elements 0.86011
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-22817
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-8vj2-vxx3-667w
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8vj2-vxx3-667w
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-10.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-10.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11
10
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
11
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
12
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
14
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://security.gentoo.org/glsa/202211-10
15
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-15T17:36:26Z/
url https://www.debian.org/security/2022/dsa-5053
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2042527
reference_id 2042527
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2042527
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22817
reference_id CVE-2022-22817
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-22817
18
reference_url https://access.redhat.com/errata/RHSA-2022:0609
reference_id RHSA-2022:0609
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0609
19
reference_url https://access.redhat.com/errata/RHSA-2022:0643
reference_id RHSA-2022:0643
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0643
20
reference_url https://access.redhat.com/errata/RHSA-2022:0665
reference_id RHSA-2022:0665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0665
21
reference_url https://access.redhat.com/errata/RHSA-2022:0667
reference_id RHSA-2022:0667
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0667
22
reference_url https://access.redhat.com/errata/RHSA-2022:0669
reference_id RHSA-2022:0669
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0669
23
reference_url https://usn.ubuntu.com/5227-1/
reference_id USN-5227-1
reference_type
scores
url https://usn.ubuntu.com/5227-1/
24
reference_url https://usn.ubuntu.com/5227-2/
reference_id USN-5227-2
reference_type
scores
url https://usn.ubuntu.com/5227-2/
25
reference_url https://usn.ubuntu.com/5227-3/
reference_id USN-5227-3
reference_type
scores
url https://usn.ubuntu.com/5227-3/
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-5rv4-k1q9-zue2
2
vulnerability VCID-64n5-pugj-vue8
3
vulnerability VCID-9ckw-ra54-z3b7
4
vulnerability VCID-brp2-dtrf-jyfr
5
vulnerability VCID-d7uf-zdbv-sba1
6
vulnerability VCID-n1hp-atex-ubh4
7
vulnerability VCID-q4bb-qnxe-8bfa
8
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
1
url pkg:pypi/pillow@9.0.1
purl pkg:pypi/pillow@9.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-5rv4-k1q9-zue2
2
vulnerability VCID-64n5-pugj-vue8
3
vulnerability VCID-9ckw-ra54-z3b7
4
vulnerability VCID-d7uf-zdbv-sba1
5
vulnerability VCID-n1hp-atex-ubh4
6
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.1
aliases BIT-pillow-2022-22817, CVE-2022-22817, GHSA-8vj2-vxx3-667w, PYSEC-2022-10
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q4bb-qnxe-8bfa
36
url VCID-qjqr-jyjn-xfh9
vulnerability_id VCID-qjqr-jyjn-xfh9
summary Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148442.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148442.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
2
reference_url http://pillow.readthedocs.org/releasenotes/2.7.0.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://pillow.readthedocs.org/releasenotes/2.7.0.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9601.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9601.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-9601
reference_id
reference_type
scores
0
value 0.01034
scoring_system epss
scoring_elements 0.77396
published_at 2026-04-21T12:55:00Z
1
value 0.01034
scoring_system epss
scoring_elements 0.77404
published_at 2026-04-18T12:55:00Z
2
value 0.01207
scoring_system epss
scoring_elements 0.78966
published_at 2026-04-09T12:55:00Z
3
value 0.01207
scoring_system epss
scoring_elements 0.78918
published_at 2026-04-01T12:55:00Z
4
value 0.01207
scoring_system epss
scoring_elements 0.78924
published_at 2026-04-02T12:55:00Z
5
value 0.01207
scoring_system epss
scoring_elements 0.78952
published_at 2026-04-04T12:55:00Z
6
value 0.01207
scoring_system epss
scoring_elements 0.78936
published_at 2026-04-07T12:55:00Z
7
value 0.01207
scoring_system epss
scoring_elements 0.7896
published_at 2026-04-08T12:55:00Z
8
value 0.01207
scoring_system epss
scoring_elements 0.7899
published_at 2026-04-11T12:55:00Z
9
value 0.01207
scoring_system epss
scoring_elements 0.78975
published_at 2026-04-12T12:55:00Z
10
value 0.01207
scoring_system epss
scoring_elements 0.78965
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-9601
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9601
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9601
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2015-16.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2015-16.yaml
7
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
8
reference_url https://github.com/python-pillow/Pillow/pull/1060
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/1060
9
reference_url https://web.archive.org/web/20200227221255/http://www.securityfocus.com/bid/77758
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227221255/http://www.securityfocus.com/bid/77758
10
reference_url https://www.djangoproject.com/weblog/2015/jan/02/pillow-security-release
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.djangoproject.com/weblog/2015/jan/02/pillow-security-release
11
reference_url https://www.djangoproject.com/weblog/2015/jan/02/pillow-security-release/
reference_id
reference_type
scores
url https://www.djangoproject.com/weblog/2015/jan/02/pillow-security-release/
12
reference_url http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
13
reference_url http://www.securityfocus.com/bid/77758
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/77758
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1179354
reference_id 1179354
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1179354
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776303
reference_id 776303
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776303
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-9601
reference_id CVE-2014-9601
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-9601
17
reference_url https://github.com/advisories/GHSA-h5rf-vgqx-wjv2
reference_id GHSA-h5rf-vgqx-wjv2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h5rf-vgqx-wjv2
18
reference_url https://usn.ubuntu.com/3090-1/
reference_id USN-3090-1
reference_type
scores
url https://usn.ubuntu.com/3090-1/
19
reference_url https://usn.ubuntu.com/3090-2/
reference_id USN-3090-2
reference_type
scores
url https://usn.ubuntu.com/3090-2/
20
reference_url https://usn.ubuntu.com/3229-1/
reference_id USN-3229-1
reference_type
scores
url https://usn.ubuntu.com/3229-1/
21
reference_url https://usn.ubuntu.com/3230-1/
reference_id USN-3230-1
reference_type
scores
url https://usn.ubuntu.com/3230-1/
fixed_packages
0
url pkg:pypi/pillow@2.7.0
purl pkg:pypi/pillow@2.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-366h-8f99-r7at
3
vulnerability VCID-3qb5-8p8w-gkad
4
vulnerability VCID-3uk9-eds5-rkgc
5
vulnerability VCID-53ac-ceq4-qkhf
6
vulnerability VCID-5rv4-k1q9-zue2
7
vulnerability VCID-64n5-pugj-vue8
8
vulnerability VCID-6gyu-fzpg-c3bn
9
vulnerability VCID-8n2b-wvya-53e1
10
vulnerability VCID-9ckw-ra54-z3b7
11
vulnerability VCID-and9-6jty-pyeq
12
vulnerability VCID-aubw-tsmn-ffcq
13
vulnerability VCID-avx2-mahw-mqes
14
vulnerability VCID-b3au-rcgp-2fag
15
vulnerability VCID-b5a2-83ej-puaw
16
vulnerability VCID-brp2-dtrf-jyfr
17
vulnerability VCID-cas2-jb3y-vyhz
18
vulnerability VCID-d7uf-zdbv-sba1
19
vulnerability VCID-df4x-jt3h-17hx
20
vulnerability VCID-dgds-v95g-pbcv
21
vulnerability VCID-dpc3-td9q-dyee
22
vulnerability VCID-e3gp-zc2b-budg
23
vulnerability VCID-en6t-uxtq-bfek
24
vulnerability VCID-g46h-p8jk-cuhc
25
vulnerability VCID-gvjw-funa-sqak
26
vulnerability VCID-h4x7-7fke-mqgp
27
vulnerability VCID-haum-8zpg-6kgf
28
vulnerability VCID-hmmq-5772-bycm
29
vulnerability VCID-khp6-9hfx-1kge
30
vulnerability VCID-m3tm-h4q9-9yay
31
vulnerability VCID-n1hp-atex-ubh4
32
vulnerability VCID-n1w5-f5p7-xuhb
33
vulnerability VCID-p6r3-puh1-zyg6
34
vulnerability VCID-q4bb-qnxe-8bfa
35
vulnerability VCID-rncf-9nf8-wud3
36
vulnerability VCID-sns1-ksqr-vbhr
37
vulnerability VCID-stft-hsk9-zfdy
38
vulnerability VCID-u1en-t8ux-uube
39
vulnerability VCID-ue18-zzau-x7hy
40
vulnerability VCID-uf5t-asns-tudp
41
vulnerability VCID-vdzj-kqfy-d3b7
42
vulnerability VCID-vwbu-ruxm-tbh4
43
vulnerability VCID-vxh1-8rvt-kkak
44
vulnerability VCID-vyzt-df2u-h3cc
45
vulnerability VCID-w9uy-fnpm-cbak
46
vulnerability VCID-x15z-dejc-9ba6
47
vulnerability VCID-xesd-d294-7fcx
48
vulnerability VCID-xk66-1d31-2qbk
49
vulnerability VCID-yccg-zw89-vqff
50
vulnerability VCID-zmd3-henq-r7bd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.7.0
aliases CVE-2014-9601, GHSA-h5rf-vgqx-wjv2, PYSEC-2015-16
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qjqr-jyjn-xfh9
37
url VCID-rncf-9nf8-wud3
vulnerability_id VCID-rncf-9nf8-wud3
summary An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25290.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25290.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25290
reference_id
reference_type
scores
0
value 0.00143
scoring_system epss
scoring_elements 0.34335
published_at 2026-04-01T12:55:00Z
1
value 0.00143
scoring_system epss
scoring_elements 0.34596
published_at 2026-04-16T12:55:00Z
2
value 0.00143
scoring_system epss
scoring_elements 0.34558
published_at 2026-04-13T12:55:00Z
3
value 0.00143
scoring_system epss
scoring_elements 0.34582
published_at 2026-04-18T12:55:00Z
4
value 0.00143
scoring_system epss
scoring_elements 0.34621
published_at 2026-04-11T12:55:00Z
5
value 0.00143
scoring_system epss
scoring_elements 0.3462
published_at 2026-04-09T12:55:00Z
6
value 0.00143
scoring_system epss
scoring_elements 0.34591
published_at 2026-04-08T12:55:00Z
7
value 0.00143
scoring_system epss
scoring_elements 0.34548
published_at 2026-04-07T12:55:00Z
8
value 0.00143
scoring_system epss
scoring_elements 0.34679
published_at 2026-04-04T12:55:00Z
9
value 0.00143
scoring_system epss
scoring_elements 0.34653
published_at 2026-04-02T12:55:00Z
10
value 0.00247
scoring_system epss
scoring_elements 0.47959
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25290
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25290
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25290
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-8xjq-8fcg-g5hw
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8xjq-8fcg-g5hw
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-36.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-36.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/86f02f7c70862a0954bfe8133736d352db978eaa
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/86f02f7c70862a0954bfe8133736d352db978eaa
8
reference_url https://github.com/python-pillow/Pillow/commit/e25be1e33dc526bfd1094bc778a54d8e29bf66c9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/e25be1e33dc526bfd1094bc778a54d8e29bf66c9
9
reference_url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25290
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25290
11
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
12
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1934685
reference_id 1934685
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1934685
14
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
15
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
16
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
17
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
18
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-9ckw-ra54-z3b7
8
vulnerability VCID-aubw-tsmn-ffcq
9
vulnerability VCID-brp2-dtrf-jyfr
10
vulnerability VCID-d7uf-zdbv-sba1
11
vulnerability VCID-df4x-jt3h-17hx
12
vulnerability VCID-dpc3-td9q-dyee
13
vulnerability VCID-g46h-p8jk-cuhc
14
vulnerability VCID-gvjw-funa-sqak
15
vulnerability VCID-n1hp-atex-ubh4
16
vulnerability VCID-n1w5-f5p7-xuhb
17
vulnerability VCID-q4bb-qnxe-8bfa
18
vulnerability VCID-ue18-zzau-x7hy
19
vulnerability VCID-vdzj-kqfy-d3b7
20
vulnerability VCID-vwbu-ruxm-tbh4
21
vulnerability VCID-vyzt-df2u-h3cc
22
vulnerability VCID-w9uy-fnpm-cbak
23
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases BIT-pillow-2021-25290, CVE-2021-25290, GHSA-8xjq-8fcg-g5hw, PYSEC-2021-36
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rncf-9nf8-wud3
38
url VCID-sns1-ksqr-vbhr
vulnerability_id VCID-sns1-ksqr-vbhr
summary libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0566
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0566
1
reference_url https://access.redhat.com/errata/RHSA-2020:0578
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0578
2
reference_url https://access.redhat.com/errata/RHSA-2020:0580
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0580
3
reference_url https://access.redhat.com/errata/RHSA-2020:0681
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0681
4
reference_url https://access.redhat.com/errata/RHSA-2020:0683
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0683
5
reference_url https://access.redhat.com/errata/RHSA-2020:0694
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0694
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5312.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5312.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5312
reference_id
reference_type
scores
0
value 0.0173
scoring_system epss
scoring_elements 0.82494
published_at 2026-04-21T12:55:00Z
1
value 0.0173
scoring_system epss
scoring_elements 0.8238
published_at 2026-04-01T12:55:00Z
2
value 0.0173
scoring_system epss
scoring_elements 0.82394
published_at 2026-04-02T12:55:00Z
3
value 0.0173
scoring_system epss
scoring_elements 0.82412
published_at 2026-04-04T12:55:00Z
4
value 0.0173
scoring_system epss
scoring_elements 0.82409
published_at 2026-04-07T12:55:00Z
5
value 0.0173
scoring_system epss
scoring_elements 0.82437
published_at 2026-04-08T12:55:00Z
6
value 0.0173
scoring_system epss
scoring_elements 0.82444
published_at 2026-04-09T12:55:00Z
7
value 0.0173
scoring_system epss
scoring_elements 0.82462
published_at 2026-04-11T12:55:00Z
8
value 0.0173
scoring_system epss
scoring_elements 0.82458
published_at 2026-04-12T12:55:00Z
9
value 0.0173
scoring_system epss
scoring_elements 0.82453
published_at 2026-04-13T12:55:00Z
10
value 0.0173
scoring_system epss
scoring_elements 0.82489
published_at 2026-04-16T12:55:00Z
11
value 0.0173
scoring_system epss
scoring_elements 0.8249
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5312
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19911
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5312
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5312
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5313
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5313
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://github.com/advisories/GHSA-p49h-hjvm-jg3h
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-p49h-hjvm-jg3h
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-83.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-83.yaml
14
reference_url https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-83.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-83.yaml
15
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
16
reference_url https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
21
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
22
reference_url https://usn.ubuntu.com/4272-1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4272-1
23
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
24
reference_url https://www.debian.org/security/2020/dsa-4631
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4631
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1789533
reference_id 1789533
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1789533
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948224
reference_id 948224
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948224
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5312
reference_id CVE-2020-5312
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5312
28
reference_url https://access.redhat.com/errata/RHSA-2020:0898
reference_id RHSA-2020:0898
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0898
29
reference_url https://access.redhat.com/errata/RHSA-2021:0420
reference_id RHSA-2021:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0420
fixed_packages
0
url pkg:pypi/pillow@6.2.2
purl pkg:pypi/pillow@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-6gyu-fzpg-c3bn
8
vulnerability VCID-7bjx-gkf7-cke9
9
vulnerability VCID-8n2b-wvya-53e1
10
vulnerability VCID-9ckw-ra54-z3b7
11
vulnerability VCID-and9-6jty-pyeq
12
vulnerability VCID-aubw-tsmn-ffcq
13
vulnerability VCID-b5a2-83ej-puaw
14
vulnerability VCID-brp2-dtrf-jyfr
15
vulnerability VCID-d7uf-zdbv-sba1
16
vulnerability VCID-df4x-jt3h-17hx
17
vulnerability VCID-dpc3-td9q-dyee
18
vulnerability VCID-en6t-uxtq-bfek
19
vulnerability VCID-g46h-p8jk-cuhc
20
vulnerability VCID-gvjw-funa-sqak
21
vulnerability VCID-haum-8zpg-6kgf
22
vulnerability VCID-khp6-9hfx-1kge
23
vulnerability VCID-n1hp-atex-ubh4
24
vulnerability VCID-n1w5-f5p7-xuhb
25
vulnerability VCID-p6r3-puh1-zyg6
26
vulnerability VCID-q4bb-qnxe-8bfa
27
vulnerability VCID-rncf-9nf8-wud3
28
vulnerability VCID-ue18-zzau-x7hy
29
vulnerability VCID-uf5t-asns-tudp
30
vulnerability VCID-vdzj-kqfy-d3b7
31
vulnerability VCID-vwbu-ruxm-tbh4
32
vulnerability VCID-vxh1-8rvt-kkak
33
vulnerability VCID-vyzt-df2u-h3cc
34
vulnerability VCID-w9uy-fnpm-cbak
35
vulnerability VCID-x15z-dejc-9ba6
36
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2
aliases BIT-pillow-2020-5312, CVE-2020-5312, GHSA-p49h-hjvm-jg3h, PYSEC-2020-83
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sns1-ksqr-vbhr
39
url VCID-stft-hsk9-zfdy
vulnerability_id VCID-stft-hsk9-zfdy
summary libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5310.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5310.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5310
reference_id
reference_type
scores
0
value 0.00611
scoring_system epss
scoring_elements 0.69829
published_at 2026-04-21T12:55:00Z
1
value 0.00611
scoring_system epss
scoring_elements 0.69848
published_at 2026-04-18T12:55:00Z
2
value 0.00611
scoring_system epss
scoring_elements 0.69838
published_at 2026-04-16T12:55:00Z
3
value 0.00611
scoring_system epss
scoring_elements 0.69796
published_at 2026-04-13T12:55:00Z
4
value 0.00611
scoring_system epss
scoring_elements 0.6981
published_at 2026-04-12T12:55:00Z
5
value 0.00611
scoring_system epss
scoring_elements 0.69825
published_at 2026-04-11T12:55:00Z
6
value 0.00611
scoring_system epss
scoring_elements 0.69802
published_at 2026-04-09T12:55:00Z
7
value 0.00611
scoring_system epss
scoring_elements 0.69786
published_at 2026-04-08T12:55:00Z
8
value 0.00611
scoring_system epss
scoring_elements 0.69738
published_at 2026-04-07T12:55:00Z
9
value 0.00611
scoring_system epss
scoring_elements 0.69761
published_at 2026-04-04T12:55:00Z
10
value 0.00611
scoring_system epss
scoring_elements 0.69745
published_at 2026-04-02T12:55:00Z
11
value 0.00611
scoring_system epss
scoring_elements 0.69734
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5310
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5310
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5310
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-vcqg-3p29-xw73
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-vcqg-3p29-xw73
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-81.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-81.yaml
6
reference_url https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-81.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-81.yaml
7
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
8
reference_url https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MMU3WT2X64GS5WHDPKKC2WZA7UIIQ3A/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DUMIBUYGJRAVJCTFUWBRLVQKOUTVX5P/
13
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/6.2.2.html
14
reference_url https://usn.ubuntu.com/4272-1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4272-1
15
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1789538
reference_id 1789538
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1789538
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948224
reference_id 948224
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948224
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5310
reference_id CVE-2020-5310
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5310
19
reference_url https://access.redhat.com/errata/RHSA-2021:0420
reference_id RHSA-2021:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0420
fixed_packages
0
url pkg:pypi/pillow@6.2.2
purl pkg:pypi/pillow@6.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-6gyu-fzpg-c3bn
8
vulnerability VCID-7bjx-gkf7-cke9
9
vulnerability VCID-8n2b-wvya-53e1
10
vulnerability VCID-9ckw-ra54-z3b7
11
vulnerability VCID-and9-6jty-pyeq
12
vulnerability VCID-aubw-tsmn-ffcq
13
vulnerability VCID-b5a2-83ej-puaw
14
vulnerability VCID-brp2-dtrf-jyfr
15
vulnerability VCID-d7uf-zdbv-sba1
16
vulnerability VCID-df4x-jt3h-17hx
17
vulnerability VCID-dpc3-td9q-dyee
18
vulnerability VCID-en6t-uxtq-bfek
19
vulnerability VCID-g46h-p8jk-cuhc
20
vulnerability VCID-gvjw-funa-sqak
21
vulnerability VCID-haum-8zpg-6kgf
22
vulnerability VCID-khp6-9hfx-1kge
23
vulnerability VCID-n1hp-atex-ubh4
24
vulnerability VCID-n1w5-f5p7-xuhb
25
vulnerability VCID-p6r3-puh1-zyg6
26
vulnerability VCID-q4bb-qnxe-8bfa
27
vulnerability VCID-rncf-9nf8-wud3
28
vulnerability VCID-ue18-zzau-x7hy
29
vulnerability VCID-uf5t-asns-tudp
30
vulnerability VCID-vdzj-kqfy-d3b7
31
vulnerability VCID-vwbu-ruxm-tbh4
32
vulnerability VCID-vxh1-8rvt-kkak
33
vulnerability VCID-vyzt-df2u-h3cc
34
vulnerability VCID-w9uy-fnpm-cbak
35
vulnerability VCID-x15z-dejc-9ba6
36
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.2
aliases BIT-pillow-2020-5310, CVE-2020-5310, GHSA-vcqg-3p29-xw73, PYSEC-2020-81
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-stft-hsk9-zfdy
40
url VCID-u1en-t8ux-uube
vulnerability_id VCID-u1en-t8ux-uube
summary Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.
references
0
reference_url http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9190.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9190.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9190
reference_id
reference_type
scores
0
value 0.00566
scoring_system epss
scoring_elements 0.68451
published_at 2026-04-13T12:55:00Z
1
value 0.00566
scoring_system epss
scoring_elements 0.68484
published_at 2026-04-12T12:55:00Z
2
value 0.00566
scoring_system epss
scoring_elements 0.68496
published_at 2026-04-11T12:55:00Z
3
value 0.00566
scoring_system epss
scoring_elements 0.6847
published_at 2026-04-09T12:55:00Z
4
value 0.00566
scoring_system epss
scoring_elements 0.68453
published_at 2026-04-08T12:55:00Z
5
value 0.00566
scoring_system epss
scoring_elements 0.68403
published_at 2026-04-07T12:55:00Z
6
value 0.00566
scoring_system epss
scoring_elements 0.68427
published_at 2026-04-04T12:55:00Z
7
value 0.00566
scoring_system epss
scoring_elements 0.68407
published_at 2026-04-02T12:55:00Z
8
value 0.00566
scoring_system epss
scoring_elements 0.68489
published_at 2026-04-16T12:55:00Z
9
value 0.00566
scoring_system epss
scoring_elements 0.68387
published_at 2026-04-01T12:55:00Z
10
value 0.00566
scoring_system epss
scoring_elements 0.68502
published_at 2026-04-18T12:55:00Z
11
value 0.00566
scoring_system epss
scoring_elements 0.68481
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9190
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9189
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9189
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9190
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9190
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-w4vg-rf63-f3j3
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-w4vg-rf63-f3j3
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-9.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-9.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/issues/2105
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/issues/2105
10
reference_url https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af
11
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-52
12
reference_url http://www.debian.org/security/2016/dsa-3710
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3710
13
reference_url http://www.securityfocus.com/bid/94234
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/94234
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1382006
reference_id 1382006
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1382006
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-9190
reference_id CVE-2016-9190
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-9190
16
reference_url https://usn.ubuntu.com/3229-1/
reference_id USN-3229-1
reference_type
scores
url https://usn.ubuntu.com/3229-1/
17
reference_url https://usn.ubuntu.com/3230-1/
reference_id USN-3230-1
reference_type
scores
url https://usn.ubuntu.com/3230-1/
fixed_packages
0
url pkg:pypi/pillow@3.3.2
purl pkg:pypi/pillow@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-6gyu-fzpg-c3bn
8
vulnerability VCID-8n2b-wvya-53e1
9
vulnerability VCID-9ckw-ra54-z3b7
10
vulnerability VCID-and9-6jty-pyeq
11
vulnerability VCID-aubw-tsmn-ffcq
12
vulnerability VCID-b3au-rcgp-2fag
13
vulnerability VCID-b5a2-83ej-puaw
14
vulnerability VCID-brp2-dtrf-jyfr
15
vulnerability VCID-cas2-jb3y-vyhz
16
vulnerability VCID-d7uf-zdbv-sba1
17
vulnerability VCID-df4x-jt3h-17hx
18
vulnerability VCID-dpc3-td9q-dyee
19
vulnerability VCID-en6t-uxtq-bfek
20
vulnerability VCID-g46h-p8jk-cuhc
21
vulnerability VCID-gvjw-funa-sqak
22
vulnerability VCID-h4x7-7fke-mqgp
23
vulnerability VCID-haum-8zpg-6kgf
24
vulnerability VCID-hmmq-5772-bycm
25
vulnerability VCID-khp6-9hfx-1kge
26
vulnerability VCID-m3tm-h4q9-9yay
27
vulnerability VCID-n1hp-atex-ubh4
28
vulnerability VCID-n1w5-f5p7-xuhb
29
vulnerability VCID-p6r3-puh1-zyg6
30
vulnerability VCID-q4bb-qnxe-8bfa
31
vulnerability VCID-rncf-9nf8-wud3
32
vulnerability VCID-sns1-ksqr-vbhr
33
vulnerability VCID-stft-hsk9-zfdy
34
vulnerability VCID-ue18-zzau-x7hy
35
vulnerability VCID-uf5t-asns-tudp
36
vulnerability VCID-vdzj-kqfy-d3b7
37
vulnerability VCID-vwbu-ruxm-tbh4
38
vulnerability VCID-vxh1-8rvt-kkak
39
vulnerability VCID-vyzt-df2u-h3cc
40
vulnerability VCID-w9uy-fnpm-cbak
41
vulnerability VCID-x15z-dejc-9ba6
42
vulnerability VCID-xesd-d294-7fcx
43
vulnerability VCID-xk66-1d31-2qbk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.3.2
aliases CVE-2016-9190, GHSA-w4vg-rf63-f3j3, PYSEC-2016-9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u1en-t8ux-uube
41
url VCID-ue18-zzau-x7hy
vulnerability_id VCID-ue18-zzau-x7hy
summary An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25288.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25288.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25288
reference_id
reference_type
scores
0
value 0.00267
scoring_system epss
scoring_elements 0.50231
published_at 2026-04-18T12:55:00Z
1
value 0.00267
scoring_system epss
scoring_elements 0.5023
published_at 2026-04-16T12:55:00Z
2
value 0.00267
scoring_system epss
scoring_elements 0.50186
published_at 2026-04-13T12:55:00Z
3
value 0.00267
scoring_system epss
scoring_elements 0.50224
published_at 2026-04-11T12:55:00Z
4
value 0.00267
scoring_system epss
scoring_elements 0.50196
published_at 2026-04-09T12:55:00Z
5
value 0.00267
scoring_system epss
scoring_elements 0.50203
published_at 2026-04-08T12:55:00Z
6
value 0.00267
scoring_system epss
scoring_elements 0.50149
published_at 2026-04-07T12:55:00Z
7
value 0.00267
scoring_system epss
scoring_elements 0.50125
published_at 2026-04-01T12:55:00Z
8
value 0.00267
scoring_system epss
scoring_elements 0.50198
published_at 2026-04-12T12:55:00Z
9
value 0.00267
scoring_system epss
scoring_elements 0.50171
published_at 2026-04-02T12:55:00Z
10
value 0.00274
scoring_system epss
scoring_elements 0.50917
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25288
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25288
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25288
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-rwv7-3v45-hg29
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rwv7-3v45-hg29
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-138.yaml
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-138.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
8
reference_url https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25288
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25288
12
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
13
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1958231
reference_id 1958231
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1958231
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
reference_id 989062
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
16
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
17
reference_url https://usn.ubuntu.com/4963-1/
reference_id USN-4963-1
reference_type
scores
url https://usn.ubuntu.com/4963-1/
18
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-5rv4-k1q9-zue2
3
vulnerability VCID-64n5-pugj-vue8
4
vulnerability VCID-9ckw-ra54-z3b7
5
vulnerability VCID-brp2-dtrf-jyfr
6
vulnerability VCID-d7uf-zdbv-sba1
7
vulnerability VCID-df4x-jt3h-17hx
8
vulnerability VCID-dpc3-td9q-dyee
9
vulnerability VCID-g46h-p8jk-cuhc
10
vulnerability VCID-n1hp-atex-ubh4
11
vulnerability VCID-q4bb-qnxe-8bfa
12
vulnerability VCID-vdzj-kqfy-d3b7
13
vulnerability VCID-w9uy-fnpm-cbak
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases BIT-pillow-2021-25288, CVE-2021-25288, GHSA-rwv7-3v45-hg29, PYSEC-2021-138
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ue18-zzau-x7hy
42
url VCID-uf5t-asns-tudp
vulnerability_id VCID-uf5t-asns-tudp
summary In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10994.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10994.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10994
reference_id
reference_type
scores
0
value 0.00424
scoring_system epss
scoring_elements 0.62204
published_at 2026-04-21T12:55:00Z
1
value 0.00424
scoring_system epss
scoring_elements 0.62221
published_at 2026-04-18T12:55:00Z
2
value 0.00424
scoring_system epss
scoring_elements 0.62214
published_at 2026-04-16T12:55:00Z
3
value 0.00424
scoring_system epss
scoring_elements 0.62171
published_at 2026-04-13T12:55:00Z
4
value 0.00424
scoring_system epss
scoring_elements 0.62191
published_at 2026-04-12T12:55:00Z
5
value 0.00424
scoring_system epss
scoring_elements 0.62202
published_at 2026-04-11T12:55:00Z
6
value 0.00424
scoring_system epss
scoring_elements 0.62183
published_at 2026-04-09T12:55:00Z
7
value 0.00424
scoring_system epss
scoring_elements 0.62165
published_at 2026-04-08T12:55:00Z
8
value 0.00424
scoring_system epss
scoring_elements 0.62148
published_at 2026-04-04T12:55:00Z
9
value 0.00424
scoring_system epss
scoring_elements 0.62115
published_at 2026-04-07T12:55:00Z
10
value 0.00424
scoring_system epss
scoring_elements 0.62056
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10994
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10994
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10994
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-vj42-xq3r-hr3r
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-vj42-xq3r-hr3r
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-79.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2020-79.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security
8
reference_url https://github.com/python-pillow/Pillow/commit/ff60894d697d1992147b791101ad53a8bf1352e4
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/ff60894d697d1992147b791101ad53a8bf1352e4
9
reference_url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commits/master/src/libImaging
10
reference_url https://github.com/python-pillow/Pillow/commits/master/src/libImaging/
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commits/master/src/libImaging/
11
reference_url https://github.com/python-pillow/Pillow/pull/4505
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/4505
12
reference_url https://github.com/python-pillow/Pillow/pull/4538
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/4538
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10994
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10994
18
reference_url https://pillow.readthedocs.io/en/stable/releasenotes
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes
19
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/
20
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
21
reference_url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574575
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574575
22
reference_url https://usn.ubuntu.com/4430-1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4430-1
23
reference_url https://usn.ubuntu.com/4430-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-1/
24
reference_url https://usn.ubuntu.com/4430-2
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4430-2
25
reference_url https://usn.ubuntu.com/4430-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4430-2/
26
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1852820
reference_id 1852820
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1852820
27
reference_url https://access.redhat.com/errata/RHSA-2021:0420
reference_id RHSA-2021:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0420
fixed_packages
0
url pkg:pypi/pillow@7.0.0
purl pkg:pypi/pillow@7.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-6gyu-fzpg-c3bn
8
vulnerability VCID-7bjx-gkf7-cke9
9
vulnerability VCID-8n2b-wvya-53e1
10
vulnerability VCID-9ckw-ra54-z3b7
11
vulnerability VCID-and9-6jty-pyeq
12
vulnerability VCID-aubw-tsmn-ffcq
13
vulnerability VCID-b5a2-83ej-puaw
14
vulnerability VCID-brp2-dtrf-jyfr
15
vulnerability VCID-d7uf-zdbv-sba1
16
vulnerability VCID-df4x-jt3h-17hx
17
vulnerability VCID-dpc3-td9q-dyee
18
vulnerability VCID-en6t-uxtq-bfek
19
vulnerability VCID-g46h-p8jk-cuhc
20
vulnerability VCID-gvjw-funa-sqak
21
vulnerability VCID-haum-8zpg-6kgf
22
vulnerability VCID-khp6-9hfx-1kge
23
vulnerability VCID-n1hp-atex-ubh4
24
vulnerability VCID-n1w5-f5p7-xuhb
25
vulnerability VCID-p6r3-puh1-zyg6
26
vulnerability VCID-q4bb-qnxe-8bfa
27
vulnerability VCID-rncf-9nf8-wud3
28
vulnerability VCID-ue18-zzau-x7hy
29
vulnerability VCID-uf5t-asns-tudp
30
vulnerability VCID-vdzj-kqfy-d3b7
31
vulnerability VCID-vwbu-ruxm-tbh4
32
vulnerability VCID-vxh1-8rvt-kkak
33
vulnerability VCID-vyzt-df2u-h3cc
34
vulnerability VCID-w9uy-fnpm-cbak
35
vulnerability VCID-x15z-dejc-9ba6
36
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.0.0
1
url pkg:pypi/pillow@7.1.0
purl pkg:pypi/pillow@7.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-6gyu-fzpg-c3bn
8
vulnerability VCID-7bjx-gkf7-cke9
9
vulnerability VCID-9ckw-ra54-z3b7
10
vulnerability VCID-aubw-tsmn-ffcq
11
vulnerability VCID-brp2-dtrf-jyfr
12
vulnerability VCID-d7uf-zdbv-sba1
13
vulnerability VCID-df4x-jt3h-17hx
14
vulnerability VCID-dpc3-td9q-dyee
15
vulnerability VCID-en6t-uxtq-bfek
16
vulnerability VCID-g46h-p8jk-cuhc
17
vulnerability VCID-gvjw-funa-sqak
18
vulnerability VCID-khp6-9hfx-1kge
19
vulnerability VCID-n1hp-atex-ubh4
20
vulnerability VCID-n1w5-f5p7-xuhb
21
vulnerability VCID-p6r3-puh1-zyg6
22
vulnerability VCID-q4bb-qnxe-8bfa
23
vulnerability VCID-rncf-9nf8-wud3
24
vulnerability VCID-ue18-zzau-x7hy
25
vulnerability VCID-vdzj-kqfy-d3b7
26
vulnerability VCID-vwbu-ruxm-tbh4
27
vulnerability VCID-vxh1-8rvt-kkak
28
vulnerability VCID-vyzt-df2u-h3cc
29
vulnerability VCID-w9uy-fnpm-cbak
30
vulnerability VCID-x15z-dejc-9ba6
31
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@7.1.0
aliases BIT-pillow-2020-10994, CVE-2020-10994, GHSA-vj42-xq3r-hr3r, PYSEC-2020-79
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uf5t-asns-tudp
43
url VCID-vdzj-kqfy-d3b7
vulnerability_id VCID-vdzj-kqfy-d3b7
summary 
libwebp: OOB write in BuildHuffmanTable
Heap buffer overflow in libwebp allow a remote attacker to perform an out of bounds memory write via a crafted HTML page.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4863.json
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4863.json
1
reference_url https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway
2
reference_url https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-4863
reference_id
reference_type
scores
0
value 0.93606
scoring_system epss
scoring_elements 0.99837
published_at 2026-04-18T12:55:00Z
1
value 0.93606
scoring_system epss
scoring_elements 0.99835
published_at 2026-04-07T12:55:00Z
2
value 0.93606
scoring_system epss
scoring_elements 0.99836
published_at 2026-04-13T12:55:00Z
3
value 0.94083
scoring_system epss
scoring_elements 0.99905
published_at 2026-04-12T12:55:00Z
4
value 0.94117
scoring_system epss
scoring_elements 0.99911
published_at 2026-04-21T12:55:00Z
5
value 0.94117
scoring_system epss
scoring_elements 0.99909
published_at 2026-04-04T12:55:00Z
6
value 0.94117
scoring_system epss
scoring_elements 0.9991
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-4863
4
reference_url https://blog.isosceles.com/the-webp-0day
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.isosceles.com/the-webp-0day
5
reference_url https://bugzilla.suse.com/show_bug.cgi?id=1215231
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://bugzilla.suse.com/show_bug.cgi?id=1215231
6
reference_url https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
7
reference_url https://crbug.com/1479274
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://crbug.com/1479274
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863
9
reference_url https://en.bandisoft.com/honeyview/history
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://en.bandisoft.com/honeyview/history
10
reference_url https://en.bandisoft.com/honeyview/history/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://en.bandisoft.com/honeyview/history/
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0
13
reference_url https://github.com/electron/electron/pull/39823
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/39823
14
reference_url https://github.com/electron/electron/pull/39825
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/39825
15
reference_url https://github.com/electron/electron/pull/39826
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/39826
16
reference_url https://github.com/electron/electron/pull/39827
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/39827
17
reference_url https://github.com/electron/electron/pull/39828
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/39828
18
reference_url https://github.com/ImageMagick/ImageMagick/discussions/6664
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ImageMagick/ImageMagick/discussions/6664
19
reference_url https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc
20
reference_url https://github.com/jaredforth/webp/pull/30
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jaredforth/webp/pull/30
21
reference_url https://github.com/python-pillow/Pillow/pull/7395
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/7395
22
reference_url https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b
23
reference_url https://github.com/qnighy/libwebp-sys2-rs/pull/21
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/qnighy/libwebp-sys2-rs/pull/21
24
reference_url https://github.com/webmproject/libwebp
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/webmproject/libwebp
25
reference_url https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
26
reference_url https://github.com/webmproject/libwebp/releases/tag/v1.3.2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://github.com/webmproject/libwebp/releases/tag/v1.3.2
27
reference_url https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html
28
reference_url https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html
29
reference_url https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT
31
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/
32
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645
33
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/
34
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/
37
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX
38
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/
39
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB
40
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/
41
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I
42
reference_url https://news.ycombinator.com/item?id=37478403
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://news.ycombinator.com/item?id=37478403
43
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
44
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security
45
reference_url https://rustsec.org/advisories/RUSTSEC-2023-0060.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2023-0060.html
46
reference_url https://rustsec.org/advisories/RUSTSEC-2023-0061.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2023-0061.html
47
reference_url https://security.gentoo.org/glsa/202309-05
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://security.gentoo.org/glsa/202309-05
48
reference_url https://security.gentoo.org/glsa/202401-10
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://security.gentoo.org/glsa/202401-10
49
reference_url https://security.netapp.com/advisory/ntap-20230929-0011
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230929-0011
50
reference_url https://sethmlarson.dev/security-developer-in-residence-weekly-report-16
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://sethmlarson.dev/security-developer-in-residence-weekly-report-16
51
reference_url https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863
52
reference_url https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/
53
reference_url https://www.bentley.com/advisories/be-2023-0001
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.bentley.com/advisories/be-2023-0001
54
reference_url https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks
55
reference_url https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/
56
reference_url https://www.debian.org/security/2023/dsa-5496
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://www.debian.org/security/2023/dsa-5496
57
reference_url https://www.debian.org/security/2023/dsa-5497
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://www.debian.org/security/2023/dsa-5497
58
reference_url https://www.debian.org/security/2023/dsa-5498
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://www.debian.org/security/2023/dsa-5498
59
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2023-40
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value critical
scoring_system generic_textual
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2023-40
60
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
61
reference_url https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863
62
reference_url http://www.openwall.com/lists/oss-security/2023/09/21/4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/21/4
63
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/1
64
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/3
65
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/4
66
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/5
67
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/6
68
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/7
69
reference_url http://www.openwall.com/lists/oss-security/2023/09/22/8
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/22/8
70
reference_url http://www.openwall.com/lists/oss-security/2023/09/26/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/26/1
71
reference_url http://www.openwall.com/lists/oss-security/2023/09/26/7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/26/7
72
reference_url http://www.openwall.com/lists/oss-security/2023/09/28/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/28/1
73
reference_url http://www.openwall.com/lists/oss-security/2023/09/28/2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/28/2
74
reference_url http://www.openwall.com/lists/oss-security/2023/09/28/4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url http://www.openwall.com/lists/oss-security/2023/09/28/4
75
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051787
reference_id 1051787
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051787
76
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2238431
reference_id 2238431
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2238431
77
reference_url https://www.bentley.com/advisories/be-2023-0001/
reference_id be-2023-0001
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://www.bentley.com/advisories/be-2023-0001/
78
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
reference_id CVE-2023-4863
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
79
reference_url https://security-tracker.debian.org/tracker/CVE-2023-4863
reference_id CVE-2023-4863
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://security-tracker.debian.org/tracker/CVE-2023-4863
80
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/
reference_id KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/
81
reference_url https://security.netapp.com/advisory/ntap-20230929-0011/
reference_id ntap-20230929-0011
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-28T05:00:18Z/
url https://security.netapp.com/advisory/ntap-20230929-0011/
82
reference_url https://access.redhat.com/errata/RHSA-2023:5183
reference_id RHSA-2023:5183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5183
83
reference_url https://access.redhat.com/errata/RHSA-2023:5184
reference_id RHSA-2023:5184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5184
84
reference_url https://access.redhat.com/errata/RHSA-2023:5185
reference_id RHSA-2023:5185
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5185
85
reference_url https://access.redhat.com/errata/RHSA-2023:5186
reference_id RHSA-2023:5186
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5186
86
reference_url https://access.redhat.com/errata/RHSA-2023:5187
reference_id RHSA-2023:5187
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5187
87
reference_url https://access.redhat.com/errata/RHSA-2023:5188
reference_id RHSA-2023:5188
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5188
88
reference_url https://access.redhat.com/errata/RHSA-2023:5189
reference_id RHSA-2023:5189
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5189
89
reference_url https://access.redhat.com/errata/RHSA-2023:5190
reference_id RHSA-2023:5190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5190
90
reference_url https://access.redhat.com/errata/RHSA-2023:5191
reference_id RHSA-2023:5191
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5191
91
reference_url https://access.redhat.com/errata/RHSA-2023:5192
reference_id RHSA-2023:5192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5192
92
reference_url https://access.redhat.com/errata/RHSA-2023:5197
reference_id RHSA-2023:5197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5197
93
reference_url https://access.redhat.com/errata/RHSA-2023:5198
reference_id RHSA-2023:5198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5198
94
reference_url https://access.redhat.com/errata/RHSA-2023:5200
reference_id RHSA-2023:5200
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5200
95
reference_url https://access.redhat.com/errata/RHSA-2023:5201
reference_id RHSA-2023:5201
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5201
96
reference_url https://access.redhat.com/errata/RHSA-2023:5202
reference_id RHSA-2023:5202
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5202
97
reference_url https://access.redhat.com/errata/RHSA-2023:5204
reference_id RHSA-2023:5204
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5204
98
reference_url https://access.redhat.com/errata/RHSA-2023:5205
reference_id RHSA-2023:5205
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5205
99
reference_url https://access.redhat.com/errata/RHSA-2023:5214
reference_id RHSA-2023:5214
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5214
100
reference_url https://access.redhat.com/errata/RHSA-2023:5222
reference_id RHSA-2023:5222
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5222
101
reference_url https://access.redhat.com/errata/RHSA-2023:5223
reference_id RHSA-2023:5223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5223
102
reference_url https://access.redhat.com/errata/RHSA-2023:5224
reference_id RHSA-2023:5224
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5224
103
reference_url https://access.redhat.com/errata/RHSA-2023:5236
reference_id RHSA-2023:5236
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5236
104
reference_url https://access.redhat.com/errata/RHSA-2023:5309
reference_id RHSA-2023:5309
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5309
105
reference_url https://usn.ubuntu.com/6367-1/
reference_id USN-6367-1
reference_type
scores
url https://usn.ubuntu.com/6367-1/
106
reference_url https://usn.ubuntu.com/6368-1/
reference_id USN-6368-1
reference_type
scores
url https://usn.ubuntu.com/6368-1/
107
reference_url https://usn.ubuntu.com/6369-1/
reference_id USN-6369-1
reference_type
scores
url https://usn.ubuntu.com/6369-1/
108
reference_url https://usn.ubuntu.com/6369-2/
reference_id USN-6369-2
reference_type
scores
url https://usn.ubuntu.com/6369-2/
fixed_packages
0
url pkg:pypi/pillow@10.0.1
purl pkg:pypi/pillow@10.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-64n5-pugj-vue8
1
vulnerability VCID-9ckw-ra54-z3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.1
aliases CVE-2023-4863, GHSA-j7hp-h8jx-5ppr
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vdzj-kqfy-d3b7
44
url VCID-vwbu-ruxm-tbh4
vulnerability_id VCID-vwbu-ruxm-tbh4
summary An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25291.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25291.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25291
reference_id
reference_type
scores
0
value 0.00536
scoring_system epss
scoring_elements 0.67398
published_at 2026-04-01T12:55:00Z
1
value 0.00536
scoring_system epss
scoring_elements 0.67503
published_at 2026-04-21T12:55:00Z
2
value 0.00536
scoring_system epss
scoring_elements 0.67524
published_at 2026-04-18T12:55:00Z
3
value 0.00536
scoring_system epss
scoring_elements 0.67512
published_at 2026-04-16T12:55:00Z
4
value 0.00536
scoring_system epss
scoring_elements 0.67476
published_at 2026-04-13T12:55:00Z
5
value 0.00536
scoring_system epss
scoring_elements 0.6751
published_at 2026-04-12T12:55:00Z
6
value 0.00536
scoring_system epss
scoring_elements 0.67523
published_at 2026-04-11T12:55:00Z
7
value 0.00536
scoring_system epss
scoring_elements 0.675
published_at 2026-04-09T12:55:00Z
8
value 0.00536
scoring_system epss
scoring_elements 0.67486
published_at 2026-04-08T12:55:00Z
9
value 0.00536
scoring_system epss
scoring_elements 0.67455
published_at 2026-04-04T12:55:00Z
10
value 0.00536
scoring_system epss
scoring_elements 0.67434
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25291
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25291
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25291
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-mvg9-xffr-p774
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-mvg9-xffr-p774
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-37.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-37.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/8b8076bdcb3815be0ef0d279651d8d1342b8ea61
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/8b8076bdcb3815be0ef0d279651d8d1342b8ea61
8
reference_url https://github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7a
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25291
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25291
10
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
11
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1934692
reference_id 1934692
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1934692
13
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
14
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
15
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-9ckw-ra54-z3b7
8
vulnerability VCID-aubw-tsmn-ffcq
9
vulnerability VCID-brp2-dtrf-jyfr
10
vulnerability VCID-d7uf-zdbv-sba1
11
vulnerability VCID-df4x-jt3h-17hx
12
vulnerability VCID-dpc3-td9q-dyee
13
vulnerability VCID-g46h-p8jk-cuhc
14
vulnerability VCID-gvjw-funa-sqak
15
vulnerability VCID-n1hp-atex-ubh4
16
vulnerability VCID-n1w5-f5p7-xuhb
17
vulnerability VCID-q4bb-qnxe-8bfa
18
vulnerability VCID-ue18-zzau-x7hy
19
vulnerability VCID-vdzj-kqfy-d3b7
20
vulnerability VCID-vwbu-ruxm-tbh4
21
vulnerability VCID-vyzt-df2u-h3cc
22
vulnerability VCID-w9uy-fnpm-cbak
23
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
1
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-5rv4-k1q9-zue2
3
vulnerability VCID-64n5-pugj-vue8
4
vulnerability VCID-9ckw-ra54-z3b7
5
vulnerability VCID-brp2-dtrf-jyfr
6
vulnerability VCID-d7uf-zdbv-sba1
7
vulnerability VCID-df4x-jt3h-17hx
8
vulnerability VCID-dpc3-td9q-dyee
9
vulnerability VCID-g46h-p8jk-cuhc
10
vulnerability VCID-n1hp-atex-ubh4
11
vulnerability VCID-q4bb-qnxe-8bfa
12
vulnerability VCID-vdzj-kqfy-d3b7
13
vulnerability VCID-w9uy-fnpm-cbak
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases BIT-pillow-2021-25291, CVE-2021-25291, GHSA-mvg9-xffr-p774, PYSEC-2021-37
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vwbu-ruxm-tbh4
45
url VCID-vxh1-8rvt-kkak
vulnerability_id VCID-vxh1-8rvt-kkak
summary An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25292.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25292.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25292
reference_id
reference_type
scores
0
value 0.00147
scoring_system epss
scoring_elements 0.35172
published_at 2026-04-18T12:55:00Z
1
value 0.00147
scoring_system epss
scoring_elements 0.35208
published_at 2026-04-11T12:55:00Z
2
value 0.00147
scoring_system epss
scoring_elements 0.35148
published_at 2026-04-13T12:55:00Z
3
value 0.00147
scoring_system epss
scoring_elements 0.35203
published_at 2026-04-09T12:55:00Z
4
value 0.00147
scoring_system epss
scoring_elements 0.35173
published_at 2026-04-12T12:55:00Z
5
value 0.00147
scoring_system epss
scoring_elements 0.35224
published_at 2026-04-02T12:55:00Z
6
value 0.00147
scoring_system epss
scoring_elements 0.35024
published_at 2026-04-01T12:55:00Z
7
value 0.00147
scoring_system epss
scoring_elements 0.35252
published_at 2026-04-04T12:55:00Z
8
value 0.00147
scoring_system epss
scoring_elements 0.35133
published_at 2026-04-07T12:55:00Z
9
value 0.00147
scoring_system epss
scoring_elements 0.35177
published_at 2026-04-08T12:55:00Z
10
value 0.00147
scoring_system epss
scoring_elements 0.35186
published_at 2026-04-16T12:55:00Z
11
value 0.00185
scoring_system epss
scoring_elements 0.40129
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25292
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25292
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25292
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-9hx2-hgq2-2g4f
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-9hx2-hgq2-2g4f
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-38.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-38.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c
8
reference_url https://github.com/python-pillow/Pillow/commit/521dab94c7ab72b037bd9a83e9663401e0fd2cee
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/521dab94c7ab72b037bd9a83e9663401e0fd2cee
9
reference_url https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25292
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25292
11
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
12
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1934699
reference_id 1934699
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1934699
14
reference_url https://security.archlinux.org/AVG-1635
reference_id AVG-1635
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1635
15
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
16
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
17
reference_url https://usn.ubuntu.com/4763-1/
reference_id USN-4763-1
reference_type
scores
url https://usn.ubuntu.com/4763-1/
fixed_packages
0
url pkg:pypi/pillow@8.1.1
purl pkg:pypi/pillow@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-9ckw-ra54-z3b7
8
vulnerability VCID-aubw-tsmn-ffcq
9
vulnerability VCID-brp2-dtrf-jyfr
10
vulnerability VCID-d7uf-zdbv-sba1
11
vulnerability VCID-df4x-jt3h-17hx
12
vulnerability VCID-dpc3-td9q-dyee
13
vulnerability VCID-g46h-p8jk-cuhc
14
vulnerability VCID-gvjw-funa-sqak
15
vulnerability VCID-n1hp-atex-ubh4
16
vulnerability VCID-n1w5-f5p7-xuhb
17
vulnerability VCID-q4bb-qnxe-8bfa
18
vulnerability VCID-ue18-zzau-x7hy
19
vulnerability VCID-vdzj-kqfy-d3b7
20
vulnerability VCID-vwbu-ruxm-tbh4
21
vulnerability VCID-vyzt-df2u-h3cc
22
vulnerability VCID-w9uy-fnpm-cbak
23
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.1
aliases BIT-pillow-2021-25292, CVE-2021-25292, GHSA-9hx2-hgq2-2g4f, PYSEC-2021-38
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vxh1-8rvt-kkak
46
url VCID-vyzt-df2u-h3cc
vulnerability_id VCID-vyzt-df2u-h3cc
summary An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28678.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28678.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28678
reference_id
reference_type
scores
0
value 0.0011
scoring_system epss
scoring_elements 0.29345
published_at 2026-04-21T12:55:00Z
1
value 0.0011
scoring_system epss
scoring_elements 0.2939
published_at 2026-04-18T12:55:00Z
2
value 0.0011
scoring_system epss
scoring_elements 0.29417
published_at 2026-04-16T12:55:00Z
3
value 0.0011
scoring_system epss
scoring_elements 0.29397
published_at 2026-04-13T12:55:00Z
4
value 0.0011
scoring_system epss
scoring_elements 0.29449
published_at 2026-04-12T12:55:00Z
5
value 0.0011
scoring_system epss
scoring_elements 0.29494
published_at 2026-04-11T12:55:00Z
6
value 0.0011
scoring_system epss
scoring_elements 0.29453
published_at 2026-04-01T12:55:00Z
7
value 0.0011
scoring_system epss
scoring_elements 0.29492
published_at 2026-04-09T12:55:00Z
8
value 0.0011
scoring_system epss
scoring_elements 0.29451
published_at 2026-04-08T12:55:00Z
9
value 0.0011
scoring_system epss
scoring_elements 0.29388
published_at 2026-04-07T12:55:00Z
10
value 0.0011
scoring_system epss
scoring_elements 0.29567
published_at 2026-04-04T12:55:00Z
11
value 0.0011
scoring_system epss
scoring_elements 0.29518
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28678
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28678
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28678
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-hjfx-8p6c-g7gx
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hjfx-8p6c-g7gx
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-94.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-94.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/pull/5377
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5377
8
reference_url https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28678
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28678
12
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
13
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1958263
reference_id 1958263
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1958263
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
reference_id 989062
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
16
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
17
reference_url https://usn.ubuntu.com/4963-1/
reference_id USN-4963-1
reference_type
scores
url https://usn.ubuntu.com/4963-1/
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-5rv4-k1q9-zue2
3
vulnerability VCID-64n5-pugj-vue8
4
vulnerability VCID-9ckw-ra54-z3b7
5
vulnerability VCID-brp2-dtrf-jyfr
6
vulnerability VCID-d7uf-zdbv-sba1
7
vulnerability VCID-df4x-jt3h-17hx
8
vulnerability VCID-dpc3-td9q-dyee
9
vulnerability VCID-g46h-p8jk-cuhc
10
vulnerability VCID-n1hp-atex-ubh4
11
vulnerability VCID-q4bb-qnxe-8bfa
12
vulnerability VCID-vdzj-kqfy-d3b7
13
vulnerability VCID-w9uy-fnpm-cbak
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases BIT-pillow-2021-28678, CVE-2021-28678, GHSA-hjfx-8p6c-g7gx, PYSEC-2021-94
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vyzt-df2u-h3cc
47
url VCID-vz9s-jqpb-2ybf
vulnerability_id VCID-vz9s-jqpb-2ybf
summary PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
1
reference_url http://osvdb.org/show/osvdb/110128
reference_id
reference_type
scores
url http://osvdb.org/show/osvdb/110128
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3589.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3589.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3589
reference_id
reference_type
scores
0
value 0.00808
scoring_system epss
scoring_elements 0.74154
published_at 2026-04-01T12:55:00Z
1
value 0.00808
scoring_system epss
scoring_elements 0.7416
published_at 2026-04-02T12:55:00Z
2
value 0.00808
scoring_system epss
scoring_elements 0.74187
published_at 2026-04-04T12:55:00Z
3
value 0.01389
scoring_system epss
scoring_elements 0.80376
published_at 2026-04-21T12:55:00Z
4
value 0.01389
scoring_system epss
scoring_elements 0.80371
published_at 2026-04-18T12:55:00Z
5
value 0.01389
scoring_system epss
scoring_elements 0.8037
published_at 2026-04-16T12:55:00Z
6
value 0.01389
scoring_system epss
scoring_elements 0.8034
published_at 2026-04-13T12:55:00Z
7
value 0.01389
scoring_system epss
scoring_elements 0.80347
published_at 2026-04-12T12:55:00Z
8
value 0.01389
scoring_system epss
scoring_elements 0.80361
published_at 2026-04-11T12:55:00Z
9
value 0.01389
scoring_system epss
scoring_elements 0.80343
published_at 2026-04-09T12:55:00Z
10
value 0.01389
scoring_system epss
scoring_elements 0.80332
published_at 2026-04-08T12:55:00Z
11
value 0.01389
scoring_system epss
scoring_elements 0.80304
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3589
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3589
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3589
5
reference_url http://seclists.org/bugtraq/2014/Sep/25
reference_id
reference_type
scores
url http://seclists.org/bugtraq/2014/Sep/25
6
reference_url http://secunia.com/advisories/59825
reference_id
reference_type
scores
url http://secunia.com/advisories/59825
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-10.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-10.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
10
reference_url https://github.com/python-pillow/Pillow/commit/5efeed77666bfd17708f3434b1d2daa9db1e1335
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/5efeed77666bfd17708f3434b1d2daa9db1e1335
11
reference_url https://github.com/python-pillow/Pillow/commit/d47611e6fbb808ea109366781dd76559ffb80bcd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/d47611e6fbb808ea109366781dd76559ffb80bcd
12
reference_url https://pypi.python.org/pypi/Pillow/2.3.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.python.org/pypi/Pillow/2.3.2
13
reference_url https://pypi.python.org/pypi/Pillow/2.5.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.python.org/pypi/Pillow/2.5.2
14
reference_url http://www.debian.org/security/2014/dsa-3009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2014/dsa-3009
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1130711
reference_id 1130711
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1130711
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758772
reference_id 758772
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758772
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:debian:python-imaging:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:debian:python-imaging:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:debian:python-imaging:-:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:2.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.3.0:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:2.5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.0:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:2.5.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.1:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:2.5.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.2:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3589
reference_id CVE-2014-3589
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3589
25
reference_url https://github.com/advisories/GHSA-cfmr-38g9-f2h7
reference_id GHSA-cfmr-38g9-f2h7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cfmr-38g9-f2h7
26
reference_url https://usn.ubuntu.com/3080-1/
reference_id USN-3080-1
reference_type
scores
url https://usn.ubuntu.com/3080-1/
27
reference_url https://usn.ubuntu.com/3090-1/
reference_id USN-3090-1
reference_type
scores
url https://usn.ubuntu.com/3090-1/
fixed_packages
0
url pkg:pypi/pillow@2.5.2
purl pkg:pypi/pillow@2.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-366h-8f99-r7at
3
vulnerability VCID-3qb5-8p8w-gkad
4
vulnerability VCID-3uk9-eds5-rkgc
5
vulnerability VCID-53ac-ceq4-qkhf
6
vulnerability VCID-5rv4-k1q9-zue2
7
vulnerability VCID-64n5-pugj-vue8
8
vulnerability VCID-6gyu-fzpg-c3bn
9
vulnerability VCID-8n2b-wvya-53e1
10
vulnerability VCID-9ckw-ra54-z3b7
11
vulnerability VCID-and9-6jty-pyeq
12
vulnerability VCID-aubw-tsmn-ffcq
13
vulnerability VCID-avx2-mahw-mqes
14
vulnerability VCID-b3au-rcgp-2fag
15
vulnerability VCID-b5a2-83ej-puaw
16
vulnerability VCID-brp2-dtrf-jyfr
17
vulnerability VCID-cas2-jb3y-vyhz
18
vulnerability VCID-d7uf-zdbv-sba1
19
vulnerability VCID-df4x-jt3h-17hx
20
vulnerability VCID-dgds-v95g-pbcv
21
vulnerability VCID-dpc3-td9q-dyee
22
vulnerability VCID-e3gp-zc2b-budg
23
vulnerability VCID-en6t-uxtq-bfek
24
vulnerability VCID-g46h-p8jk-cuhc
25
vulnerability VCID-gvjw-funa-sqak
26
vulnerability VCID-h4x7-7fke-mqgp
27
vulnerability VCID-haum-8zpg-6kgf
28
vulnerability VCID-hmmq-5772-bycm
29
vulnerability VCID-khp6-9hfx-1kge
30
vulnerability VCID-m3tm-h4q9-9yay
31
vulnerability VCID-ma2g-2f8d-dqa9
32
vulnerability VCID-n1hp-atex-ubh4
33
vulnerability VCID-n1w5-f5p7-xuhb
34
vulnerability VCID-p6r3-puh1-zyg6
35
vulnerability VCID-q4bb-qnxe-8bfa
36
vulnerability VCID-qjqr-jyjn-xfh9
37
vulnerability VCID-rncf-9nf8-wud3
38
vulnerability VCID-sns1-ksqr-vbhr
39
vulnerability VCID-stft-hsk9-zfdy
40
vulnerability VCID-u1en-t8ux-uube
41
vulnerability VCID-ue18-zzau-x7hy
42
vulnerability VCID-uf5t-asns-tudp
43
vulnerability VCID-vdzj-kqfy-d3b7
44
vulnerability VCID-vwbu-ruxm-tbh4
45
vulnerability VCID-vxh1-8rvt-kkak
46
vulnerability VCID-vyzt-df2u-h3cc
47
vulnerability VCID-w9uy-fnpm-cbak
48
vulnerability VCID-x15z-dejc-9ba6
49
vulnerability VCID-xesd-d294-7fcx
50
vulnerability VCID-xk66-1d31-2qbk
51
vulnerability VCID-yccg-zw89-vqff
52
vulnerability VCID-zmd3-henq-r7bd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.5.2
aliases CVE-2014-3589, GHSA-cfmr-38g9-f2h7, PYSEC-2014-10
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vz9s-jqpb-2ybf
48
url VCID-w9uy-fnpm-cbak
vulnerability_id VCID-w9uy-fnpm-cbak
summary Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34552.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34552.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-34552
reference_id
reference_type
scores
0
value 0.00337
scoring_system epss
scoring_elements 0.56536
published_at 2026-04-21T12:55:00Z
1
value 0.00337
scoring_system epss
scoring_elements 0.56566
published_at 2026-04-18T12:55:00Z
2
value 0.00337
scoring_system epss
scoring_elements 0.56532
published_at 2026-04-13T12:55:00Z
3
value 0.00337
scoring_system epss
scoring_elements 0.56551
published_at 2026-04-12T12:55:00Z
4
value 0.00337
scoring_system epss
scoring_elements 0.56575
published_at 2026-04-11T12:55:00Z
5
value 0.00337
scoring_system epss
scoring_elements 0.56565
published_at 2026-04-16T12:55:00Z
6
value 0.00337
scoring_system epss
scoring_elements 0.5656
published_at 2026-04-08T12:55:00Z
7
value 0.00337
scoring_system epss
scoring_elements 0.5651
published_at 2026-04-07T12:55:00Z
8
value 0.00337
scoring_system epss
scoring_elements 0.5653
published_at 2026-04-04T12:55:00Z
9
value 0.00337
scoring_system epss
scoring_elements 0.56508
published_at 2026-04-02T12:55:00Z
10
value 0.00337
scoring_system epss
scoring_elements 0.5641
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-34552
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34552
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34552
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-7534-mm45-c74v
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-7534-mm45-c74v
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-331.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-331.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/31c473898c29d1b7cb6555ce67d9503a4906b83f
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/31c473898c29d1b7cb6555ce67d9503a4906b83f
8
reference_url https://github.com/python-pillow/Pillow/pull/5567
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5567
9
reference_url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/
14
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow
15
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
16
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202211-10
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1982378
reference_id 1982378
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1982378
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991293
reference_id 991293
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991293
19
reference_url https://security.archlinux.org/ASA-202107-26
reference_id ASA-202107-26
reference_type
scores
url https://security.archlinux.org/ASA-202107-26
20
reference_url https://security.archlinux.org/AVG-2150
reference_id AVG-2150
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2150
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-34552
reference_id CVE-2021-34552
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-34552
22
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
23
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
24
reference_url https://usn.ubuntu.com/5227-1/
reference_id USN-5227-1
reference_type
scores
url https://usn.ubuntu.com/5227-1/
25
reference_url https://usn.ubuntu.com/5227-2/
reference_id USN-5227-2
reference_type
scores
url https://usn.ubuntu.com/5227-2/
fixed_packages
0
url pkg:pypi/pillow@8.3.0
purl pkg:pypi/pillow@8.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-5rv4-k1q9-zue2
3
vulnerability VCID-64n5-pugj-vue8
4
vulnerability VCID-9ckw-ra54-z3b7
5
vulnerability VCID-brp2-dtrf-jyfr
6
vulnerability VCID-d7uf-zdbv-sba1
7
vulnerability VCID-df4x-jt3h-17hx
8
vulnerability VCID-dpc3-td9q-dyee
9
vulnerability VCID-g46h-p8jk-cuhc
10
vulnerability VCID-n1hp-atex-ubh4
11
vulnerability VCID-q4bb-qnxe-8bfa
12
vulnerability VCID-vdzj-kqfy-d3b7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.3.0
aliases BIT-pillow-2021-34552, CVE-2021-34552, GHSA-7534-mm45-c74v, PYSEC-2021-331
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w9uy-fnpm-cbak
49
url VCID-x15z-dejc-9ba6
vulnerability_id VCID-x15z-dejc-9ba6
summary In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35653.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35653.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35653
reference_id
reference_type
scores
0
value 0.00293
scoring_system epss
scoring_elements 0.52536
published_at 2026-04-01T12:55:00Z
1
value 0.00293
scoring_system epss
scoring_elements 0.52668
published_at 2026-04-21T12:55:00Z
2
value 0.00293
scoring_system epss
scoring_elements 0.52684
published_at 2026-04-18T12:55:00Z
3
value 0.00293
scoring_system epss
scoring_elements 0.52676
published_at 2026-04-16T12:55:00Z
4
value 0.00293
scoring_system epss
scoring_elements 0.52639
published_at 2026-04-13T12:55:00Z
5
value 0.00293
scoring_system epss
scoring_elements 0.52654
published_at 2026-04-12T12:55:00Z
6
value 0.00293
scoring_system epss
scoring_elements 0.52671
published_at 2026-04-11T12:55:00Z
7
value 0.00293
scoring_system epss
scoring_elements 0.5262
published_at 2026-04-09T12:55:00Z
8
value 0.00293
scoring_system epss
scoring_elements 0.52626
published_at 2026-04-08T12:55:00Z
9
value 0.00293
scoring_system epss
scoring_elements 0.52575
published_at 2026-04-07T12:55:00Z
10
value 0.00293
scoring_system epss
scoring_elements 0.52608
published_at 2026-04-04T12:55:00Z
11
value 0.00293
scoring_system epss
scoring_elements 0.52581
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35653
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35653
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-f5g8-5qq7-938w
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-f5g8-5qq7-938w
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-69.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-69.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf
8
reference_url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35653
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-35653
14
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/index.html
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1915420
reference_id 1915420
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1915420
16
reference_url https://security.archlinux.org/ASA-202101-11
reference_id ASA-202101-11
reference_type
scores
url https://security.archlinux.org/ASA-202101-11
17
reference_url https://security.archlinux.org/AVG-1438
reference_id AVG-1438
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1438
18
reference_url https://security.gentoo.org/glsa/202101-08
reference_id GLSA-202101-08
reference_type
scores
url https://security.gentoo.org/glsa/202101-08
19
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
20
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
21
reference_url https://usn.ubuntu.com/4697-1/
reference_id USN-4697-1
reference_type
scores
url https://usn.ubuntu.com/4697-1/
22
reference_url https://usn.ubuntu.com/4697-2/
reference_id USN-4697-2
reference_type
scores
url https://usn.ubuntu.com/4697-2/
fixed_packages
0
url pkg:pypi/pillow@8.1.0
purl pkg:pypi/pillow@8.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-9ckw-ra54-z3b7
8
vulnerability VCID-aubw-tsmn-ffcq
9
vulnerability VCID-brp2-dtrf-jyfr
10
vulnerability VCID-d7uf-zdbv-sba1
11
vulnerability VCID-df4x-jt3h-17hx
12
vulnerability VCID-dpc3-td9q-dyee
13
vulnerability VCID-en6t-uxtq-bfek
14
vulnerability VCID-g46h-p8jk-cuhc
15
vulnerability VCID-gvjw-funa-sqak
16
vulnerability VCID-khp6-9hfx-1kge
17
vulnerability VCID-n1hp-atex-ubh4
18
vulnerability VCID-n1w5-f5p7-xuhb
19
vulnerability VCID-p6r3-puh1-zyg6
20
vulnerability VCID-q4bb-qnxe-8bfa
21
vulnerability VCID-rncf-9nf8-wud3
22
vulnerability VCID-ue18-zzau-x7hy
23
vulnerability VCID-vdzj-kqfy-d3b7
24
vulnerability VCID-vwbu-ruxm-tbh4
25
vulnerability VCID-vxh1-8rvt-kkak
26
vulnerability VCID-vyzt-df2u-h3cc
27
vulnerability VCID-w9uy-fnpm-cbak
28
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.1.0
aliases BIT-pillow-2020-35653, CVE-2020-35653, GHSA-f5g8-5qq7-938w, PYSEC-2021-69
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x15z-dejc-9ba6
50
url VCID-xesd-d294-7fcx
vulnerability_id VCID-xesd-d294-7fcx
summary An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28676.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28676.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28676
reference_id
reference_type
scores
0
value 0.00366
scoring_system epss
scoring_elements 0.58516
published_at 2026-04-01T12:55:00Z
1
value 0.00366
scoring_system epss
scoring_elements 0.58665
published_at 2026-04-18T12:55:00Z
2
value 0.00366
scoring_system epss
scoring_elements 0.5866
published_at 2026-04-16T12:55:00Z
3
value 0.00366
scoring_system epss
scoring_elements 0.58627
published_at 2026-04-13T12:55:00Z
4
value 0.00366
scoring_system epss
scoring_elements 0.58647
published_at 2026-04-12T12:55:00Z
5
value 0.00366
scoring_system epss
scoring_elements 0.58666
published_at 2026-04-11T12:55:00Z
6
value 0.00366
scoring_system epss
scoring_elements 0.58648
published_at 2026-04-09T12:55:00Z
7
value 0.00366
scoring_system epss
scoring_elements 0.58642
published_at 2026-04-08T12:55:00Z
8
value 0.00366
scoring_system epss
scoring_elements 0.5859
published_at 2026-04-07T12:55:00Z
9
value 0.00366
scoring_system epss
scoring_elements 0.58621
published_at 2026-04-04T12:55:00Z
10
value 0.00366
scoring_system epss
scoring_elements 0.586
published_at 2026-04-02T12:55:00Z
11
value 0.00377
scoring_system epss
scoring_elements 0.59261
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28676
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28676
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28676
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-7r7m-5h27-29hp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-7r7m-5h27-29hp
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-92.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-92.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856
8
reference_url https://github.com/python-pillow/Pillow/pull/5377
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/5377
9
reference_url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28676
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28676
14
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos
15
reference_url https://security.gentoo.org/glsa/202107-33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-33
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1958252
reference_id 1958252
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1958252
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
reference_id 989062
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989062
18
reference_url https://access.redhat.com/errata/RHSA-2021:4149
reference_id RHSA-2021:4149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4149
19
reference_url https://usn.ubuntu.com/4963-1/
reference_id USN-4963-1
reference_type
scores
url https://usn.ubuntu.com/4963-1/
20
reference_url https://usn.ubuntu.com/8135-1/
reference_id USN-8135-1
reference_type
scores
url https://usn.ubuntu.com/8135-1/
fixed_packages
0
url pkg:pypi/pillow@8.2.0
purl pkg:pypi/pillow@8.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-5rv4-k1q9-zue2
3
vulnerability VCID-64n5-pugj-vue8
4
vulnerability VCID-9ckw-ra54-z3b7
5
vulnerability VCID-brp2-dtrf-jyfr
6
vulnerability VCID-d7uf-zdbv-sba1
7
vulnerability VCID-df4x-jt3h-17hx
8
vulnerability VCID-dpc3-td9q-dyee
9
vulnerability VCID-g46h-p8jk-cuhc
10
vulnerability VCID-n1hp-atex-ubh4
11
vulnerability VCID-q4bb-qnxe-8bfa
12
vulnerability VCID-vdzj-kqfy-d3b7
13
vulnerability VCID-w9uy-fnpm-cbak
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.2.0
aliases BIT-pillow-2021-28676, CVE-2021-28676, GHSA-7r7m-5h27-29hp, PYSEC-2021-92
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xesd-d294-7fcx
51
url VCID-xk66-1d31-2qbk
vulnerability_id VCID-xk66-1d31-2qbk
summary An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0566
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0566
1
reference_url https://access.redhat.com/errata/RHSA-2020:0578
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0578
2
reference_url https://access.redhat.com/errata/RHSA-2020:0580
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0580
3
reference_url https://access.redhat.com/errata/RHSA-2020:0681
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0681
4
reference_url https://access.redhat.com/errata/RHSA-2020:0683
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0683
5
reference_url https://access.redhat.com/errata/RHSA-2020:0694
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0694
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EMJBUZQGQ2Q7HXYCQVRLU7OXNC7CAWWU/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYDXD7EE4YAEVSTNIFZKNVPRVJX5ZOG3/
8
reference_url https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/latest/releasenotes/6.2.0.html
9
reference_url https://usn.ubuntu.com/4272-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4272-1/
10
reference_url https://www.debian.org/security/2020/dsa-4631
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4631
fixed_packages
0
url pkg:pypi/pillow@6.2.0
purl pkg:pypi/pillow@6.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-6gyu-fzpg-c3bn
8
vulnerability VCID-7bjx-gkf7-cke9
9
vulnerability VCID-8n2b-wvya-53e1
10
vulnerability VCID-9ckw-ra54-z3b7
11
vulnerability VCID-and9-6jty-pyeq
12
vulnerability VCID-aubw-tsmn-ffcq
13
vulnerability VCID-b3au-rcgp-2fag
14
vulnerability VCID-b5a2-83ej-puaw
15
vulnerability VCID-brp2-dtrf-jyfr
16
vulnerability VCID-d7uf-zdbv-sba1
17
vulnerability VCID-df4x-jt3h-17hx
18
vulnerability VCID-dpc3-td9q-dyee
19
vulnerability VCID-en6t-uxtq-bfek
20
vulnerability VCID-g46h-p8jk-cuhc
21
vulnerability VCID-gvjw-funa-sqak
22
vulnerability VCID-h4x7-7fke-mqgp
23
vulnerability VCID-haum-8zpg-6kgf
24
vulnerability VCID-hmmq-5772-bycm
25
vulnerability VCID-khp6-9hfx-1kge
26
vulnerability VCID-m3tm-h4q9-9yay
27
vulnerability VCID-n1hp-atex-ubh4
28
vulnerability VCID-n1w5-f5p7-xuhb
29
vulnerability VCID-p6r3-puh1-zyg6
30
vulnerability VCID-q4bb-qnxe-8bfa
31
vulnerability VCID-rncf-9nf8-wud3
32
vulnerability VCID-sns1-ksqr-vbhr
33
vulnerability VCID-stft-hsk9-zfdy
34
vulnerability VCID-ue18-zzau-x7hy
35
vulnerability VCID-uf5t-asns-tudp
36
vulnerability VCID-vdzj-kqfy-d3b7
37
vulnerability VCID-vwbu-ruxm-tbh4
38
vulnerability VCID-vxh1-8rvt-kkak
39
vulnerability VCID-vyzt-df2u-h3cc
40
vulnerability VCID-w9uy-fnpm-cbak
41
vulnerability VCID-x15z-dejc-9ba6
42
vulnerability VCID-xesd-d294-7fcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@6.2.0
aliases PYSEC-2019-40
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xk66-1d31-2qbk
52
url VCID-yccg-zw89-vqff
vulnerability_id VCID-yccg-zw89-vqff
summary Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.
references
0
reference_url http://pillow.readthedocs.io/en/4.1.x/releasenotes/3.1.2.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://pillow.readthedocs.io/en/4.1.x/releasenotes/3.1.2.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3076.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3076.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-3076
reference_id
reference_type
scores
0
value 0.00457
scoring_system epss
scoring_elements 0.63919
published_at 2026-04-13T12:55:00Z
1
value 0.00457
scoring_system epss
scoring_elements 0.63951
published_at 2026-04-12T12:55:00Z
2
value 0.00457
scoring_system epss
scoring_elements 0.63841
published_at 2026-04-01T12:55:00Z
3
value 0.00457
scoring_system epss
scoring_elements 0.63885
published_at 2026-04-07T12:55:00Z
4
value 0.00457
scoring_system epss
scoring_elements 0.639
published_at 2026-04-02T12:55:00Z
5
value 0.00457
scoring_system epss
scoring_elements 0.63963
published_at 2026-04-18T12:55:00Z
6
value 0.00457
scoring_system epss
scoring_elements 0.63953
published_at 2026-04-21T12:55:00Z
7
value 0.00457
scoring_system epss
scoring_elements 0.63935
published_at 2026-04-08T12:55:00Z
8
value 0.00457
scoring_system epss
scoring_elements 0.63927
published_at 2026-04-04T12:55:00Z
9
value 0.00457
scoring_system epss
scoring_elements 0.63965
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-3076
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1321929
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1321929
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3076
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3076
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2017-92.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2017-92.yaml
7
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
8
reference_url https://github.com/python-pillow/Pillow/blob/4.1.x/docs/releasenotes/3.1.2.rst
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/4.1.x/docs/releasenotes/3.1.2.rst
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3076
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
1
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
3
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-3076
10
reference_url https://web.archive.org/web/20200227174644/http://www.securityfocus.com/bid/98042
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227174644/http://www.securityfocus.com/bid/98042
11
reference_url http://www.securityfocus.com/bid/98042
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/98042
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:2.5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.0:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:2.5.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.1:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:2.5.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.2:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:2.5.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.5.3:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:2.6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.6.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.6.0:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:2.6.0:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.6.0:rc1:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.6.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:2.6.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.6.1:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.6.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:2.6.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.6.2:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:2.7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.7.0:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:2.8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.8.0:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.8.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:2.8.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.8.1:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.8.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:2.8.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.8.2:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:2.9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.9.0:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.9.0:dev0:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:2.9.0:dev0:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.9.0:dev0:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.9.0:dev1:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:2.9.0:dev1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.9.0:dev1:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.9.0:dev2:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:2.9.0:dev2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:2.9.0:dev2:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:3.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:3.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:3.0.0:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:3.0.0:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:3.0.0:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:3.0.0:rc1:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:3.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:3.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:3.1.0:*:*:*:*:*:*:*
31
reference_url https://github.com/advisories/GHSA-v9pc-9mvp-x87g
reference_id GHSA-v9pc-9mvp-x87g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v9pc-9mvp-x87g
fixed_packages
0
url pkg:pypi/pillow@3.1.2
purl pkg:pypi/pillow@3.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-6gyu-fzpg-c3bn
8
vulnerability VCID-8n2b-wvya-53e1
9
vulnerability VCID-9ckw-ra54-z3b7
10
vulnerability VCID-and9-6jty-pyeq
11
vulnerability VCID-aubw-tsmn-ffcq
12
vulnerability VCID-b3au-rcgp-2fag
13
vulnerability VCID-b5a2-83ej-puaw
14
vulnerability VCID-brp2-dtrf-jyfr
15
vulnerability VCID-cas2-jb3y-vyhz
16
vulnerability VCID-d7uf-zdbv-sba1
17
vulnerability VCID-df4x-jt3h-17hx
18
vulnerability VCID-dpc3-td9q-dyee
19
vulnerability VCID-e3gp-zc2b-budg
20
vulnerability VCID-en6t-uxtq-bfek
21
vulnerability VCID-g46h-p8jk-cuhc
22
vulnerability VCID-gvjw-funa-sqak
23
vulnerability VCID-h4x7-7fke-mqgp
24
vulnerability VCID-haum-8zpg-6kgf
25
vulnerability VCID-hmmq-5772-bycm
26
vulnerability VCID-khp6-9hfx-1kge
27
vulnerability VCID-m3tm-h4q9-9yay
28
vulnerability VCID-n1hp-atex-ubh4
29
vulnerability VCID-n1w5-f5p7-xuhb
30
vulnerability VCID-p6r3-puh1-zyg6
31
vulnerability VCID-q4bb-qnxe-8bfa
32
vulnerability VCID-rncf-9nf8-wud3
33
vulnerability VCID-sns1-ksqr-vbhr
34
vulnerability VCID-stft-hsk9-zfdy
35
vulnerability VCID-u1en-t8ux-uube
36
vulnerability VCID-ue18-zzau-x7hy
37
vulnerability VCID-uf5t-asns-tudp
38
vulnerability VCID-vdzj-kqfy-d3b7
39
vulnerability VCID-vwbu-ruxm-tbh4
40
vulnerability VCID-vxh1-8rvt-kkak
41
vulnerability VCID-vyzt-df2u-h3cc
42
vulnerability VCID-w9uy-fnpm-cbak
43
vulnerability VCID-x15z-dejc-9ba6
44
vulnerability VCID-xesd-d294-7fcx
45
vulnerability VCID-xk66-1d31-2qbk
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.1.2
aliases CVE-2016-3076, GHSA-v9pc-9mvp-x87g, PYSEC-2017-92
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yccg-zw89-vqff
53
url VCID-zmd3-henq-r7bd
vulnerability_id VCID-zmd3-henq-r7bd
summary Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2533.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2533.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-2533
reference_id
reference_type
scores
0
value 0.02195
scoring_system epss
scoring_elements 0.8433
published_at 2026-04-01T12:55:00Z
1
value 0.02195
scoring_system epss
scoring_elements 0.84411
published_at 2026-04-11T12:55:00Z
2
value 0.02195
scoring_system epss
scoring_elements 0.84394
published_at 2026-04-09T12:55:00Z
3
value 0.02195
scoring_system epss
scoring_elements 0.84388
published_at 2026-04-08T12:55:00Z
4
value 0.02195
scoring_system epss
scoring_elements 0.84366
published_at 2026-04-07T12:55:00Z
5
value 0.02195
scoring_system epss
scoring_elements 0.84364
published_at 2026-04-04T12:55:00Z
6
value 0.02195
scoring_system epss
scoring_elements 0.84344
published_at 2026-04-02T12:55:00Z
7
value 0.02195
scoring_system epss
scoring_elements 0.84426
published_at 2026-04-21T12:55:00Z
8
value 0.02195
scoring_system epss
scoring_elements 0.84424
published_at 2026-04-18T12:55:00Z
9
value 0.02195
scoring_system epss
scoring_elements 0.84401
published_at 2026-04-13T12:55:00Z
10
value 0.02195
scoring_system epss
scoring_elements 0.84405
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-2533
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0740
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0740
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0775
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0775
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2533
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2533
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/advisories/GHSA-3c5c-7235-994j
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-3c5c-7235-994j
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-19.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2016-19.yaml
8
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
9
reference_url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
10
reference_url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst?plain=1#L53
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst?plain=1#L53
11
reference_url https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9
12
reference_url https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9#diff-8ff6909c159597e22288ad818938fd6b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9#diff-8ff6909c159597e22288ad818938fd6b
13
reference_url https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b
14
reference_url https://github.com/python-pillow/Pillow/pull/1706
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow/pull/1706
15
reference_url https://security.gentoo.org/glsa/201612-52
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201612-52
16
reference_url http://www.debian.org/security/2016/dsa-3499
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3499
17
reference_url http://www.openwall.com/lists/oss-security/2016/02/02/5
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/02/02/5
18
reference_url http://www.openwall.com/lists/oss-security/2016/02/22/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/02/22/2
19
reference_url http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1304504
reference_id 1304504
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1304504
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python_imaging_project:python_imaging:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python_imaging_project:python_imaging:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python_imaging_project:python_imaging:*:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-2533
reference_id CVE-2016-2533
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
3
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-2533
26
reference_url http://www.cvedetails.com/cve/CVE-2016-2533/
reference_id CVE-2016-2533
reference_type
scores
url http://www.cvedetails.com/cve/CVE-2016-2533/
27
reference_url https://usn.ubuntu.com/3080-1/
reference_id USN-3080-1
reference_type
scores
url https://usn.ubuntu.com/3080-1/
28
reference_url https://usn.ubuntu.com/3090-1/
reference_id USN-3090-1
reference_type
scores
url https://usn.ubuntu.com/3090-1/
fixed_packages
0
url pkg:pypi/pillow@3.1.1
purl pkg:pypi/pillow@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-3qb5-8p8w-gkad
3
vulnerability VCID-3uk9-eds5-rkgc
4
vulnerability VCID-53ac-ceq4-qkhf
5
vulnerability VCID-5rv4-k1q9-zue2
6
vulnerability VCID-64n5-pugj-vue8
7
vulnerability VCID-6gyu-fzpg-c3bn
8
vulnerability VCID-8n2b-wvya-53e1
9
vulnerability VCID-9ckw-ra54-z3b7
10
vulnerability VCID-and9-6jty-pyeq
11
vulnerability VCID-aubw-tsmn-ffcq
12
vulnerability VCID-b3au-rcgp-2fag
13
vulnerability VCID-b5a2-83ej-puaw
14
vulnerability VCID-brp2-dtrf-jyfr
15
vulnerability VCID-cas2-jb3y-vyhz
16
vulnerability VCID-d7uf-zdbv-sba1
17
vulnerability VCID-df4x-jt3h-17hx
18
vulnerability VCID-dpc3-td9q-dyee
19
vulnerability VCID-e3gp-zc2b-budg
20
vulnerability VCID-en6t-uxtq-bfek
21
vulnerability VCID-g46h-p8jk-cuhc
22
vulnerability VCID-gvjw-funa-sqak
23
vulnerability VCID-h4x7-7fke-mqgp
24
vulnerability VCID-haum-8zpg-6kgf
25
vulnerability VCID-hmmq-5772-bycm
26
vulnerability VCID-khp6-9hfx-1kge
27
vulnerability VCID-m3tm-h4q9-9yay
28
vulnerability VCID-n1hp-atex-ubh4
29
vulnerability VCID-n1w5-f5p7-xuhb
30
vulnerability VCID-p6r3-puh1-zyg6
31
vulnerability VCID-q4bb-qnxe-8bfa
32
vulnerability VCID-rncf-9nf8-wud3
33
vulnerability VCID-sns1-ksqr-vbhr
34
vulnerability VCID-stft-hsk9-zfdy
35
vulnerability VCID-u1en-t8ux-uube
36
vulnerability VCID-ue18-zzau-x7hy
37
vulnerability VCID-uf5t-asns-tudp
38
vulnerability VCID-vdzj-kqfy-d3b7
39
vulnerability VCID-vwbu-ruxm-tbh4
40
vulnerability VCID-vxh1-8rvt-kkak
41
vulnerability VCID-vyzt-df2u-h3cc
42
vulnerability VCID-w9uy-fnpm-cbak
43
vulnerability VCID-x15z-dejc-9ba6
44
vulnerability VCID-xesd-d294-7fcx
45
vulnerability VCID-xk66-1d31-2qbk
46
vulnerability VCID-yccg-zw89-vqff
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@3.1.1
aliases CVE-2016-2533, GHSA-3c5c-7235-994j, PYSEC-2016-19
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zmd3-henq-r7bd
Fixing_vulnerabilities
0
url VCID-gmd5-pbxc-a3gd
vulnerability_id VCID-gmd5-pbxc-a3gd
summary Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.
references
0
reference_url http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3007.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3007.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3007
reference_id
reference_type
scores
0
value 0.03008
scoring_system epss
scoring_elements 0.86601
published_at 2026-04-21T12:55:00Z
1
value 0.03008
scoring_system epss
scoring_elements 0.86527
published_at 2026-04-01T12:55:00Z
2
value 0.03008
scoring_system epss
scoring_elements 0.86538
published_at 2026-04-02T12:55:00Z
3
value 0.03008
scoring_system epss
scoring_elements 0.86556
published_at 2026-04-07T12:55:00Z
4
value 0.03008
scoring_system epss
scoring_elements 0.86575
published_at 2026-04-08T12:55:00Z
5
value 0.03008
scoring_system epss
scoring_elements 0.86585
published_at 2026-04-09T12:55:00Z
6
value 0.03008
scoring_system epss
scoring_elements 0.866
published_at 2026-04-11T12:55:00Z
7
value 0.03008
scoring_system epss
scoring_elements 0.86597
published_at 2026-04-12T12:55:00Z
8
value 0.03008
scoring_system epss
scoring_elements 0.8659
published_at 2026-04-13T12:55:00Z
9
value 0.03008
scoring_system epss
scoring_elements 0.86604
published_at 2026-04-16T12:55:00Z
10
value 0.03008
scoring_system epss
scoring_elements 0.86609
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3007
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3007
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3007
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-87.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-87.yaml
6
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/python-pillow/Pillow
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3007
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3007
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1094101
reference_id 1094101
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1094101
9
reference_url https://github.com/advisories/GHSA-8m9x-pxwq-j236
reference_id GHSA-8m9x-pxwq-j236
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8m9x-pxwq-j236
fixed_packages
0
url pkg:pypi/pillow@2.5.0
purl pkg:pypi/pillow@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19e1-19hk-duet
1
vulnerability VCID-1vt7-c6e3-7qc8
2
vulnerability VCID-366h-8f99-r7at
3
vulnerability VCID-3qb5-8p8w-gkad
4
vulnerability VCID-3uk9-eds5-rkgc
5
vulnerability VCID-53ac-ceq4-qkhf
6
vulnerability VCID-5rv4-k1q9-zue2
7
vulnerability VCID-64n5-pugj-vue8
8
vulnerability VCID-6gyu-fzpg-c3bn
9
vulnerability VCID-8n2b-wvya-53e1
10
vulnerability VCID-9ckw-ra54-z3b7
11
vulnerability VCID-and9-6jty-pyeq
12
vulnerability VCID-aubw-tsmn-ffcq
13
vulnerability VCID-avx2-mahw-mqes
14
vulnerability VCID-b3au-rcgp-2fag
15
vulnerability VCID-b5a2-83ej-puaw
16
vulnerability VCID-brp2-dtrf-jyfr
17
vulnerability VCID-cas2-jb3y-vyhz
18
vulnerability VCID-d7uf-zdbv-sba1
19
vulnerability VCID-df4x-jt3h-17hx
20
vulnerability VCID-dgds-v95g-pbcv
21
vulnerability VCID-dpc3-td9q-dyee
22
vulnerability VCID-e3gp-zc2b-budg
23
vulnerability VCID-en6t-uxtq-bfek
24
vulnerability VCID-g46h-p8jk-cuhc
25
vulnerability VCID-gvjw-funa-sqak
26
vulnerability VCID-h4x7-7fke-mqgp
27
vulnerability VCID-haum-8zpg-6kgf
28
vulnerability VCID-hmmq-5772-bycm
29
vulnerability VCID-khp6-9hfx-1kge
30
vulnerability VCID-m3tm-h4q9-9yay
31
vulnerability VCID-ma2g-2f8d-dqa9
32
vulnerability VCID-n1hp-atex-ubh4
33
vulnerability VCID-n1w5-f5p7-xuhb
34
vulnerability VCID-p6r3-puh1-zyg6
35
vulnerability VCID-q4bb-qnxe-8bfa
36
vulnerability VCID-qjqr-jyjn-xfh9
37
vulnerability VCID-rncf-9nf8-wud3
38
vulnerability VCID-sns1-ksqr-vbhr
39
vulnerability VCID-stft-hsk9-zfdy
40
vulnerability VCID-u1en-t8ux-uube
41
vulnerability VCID-ue18-zzau-x7hy
42
vulnerability VCID-uf5t-asns-tudp
43
vulnerability VCID-vdzj-kqfy-d3b7
44
vulnerability VCID-vwbu-ruxm-tbh4
45
vulnerability VCID-vxh1-8rvt-kkak
46
vulnerability VCID-vyzt-df2u-h3cc
47
vulnerability VCID-vz9s-jqpb-2ybf
48
vulnerability VCID-w9uy-fnpm-cbak
49
vulnerability VCID-x15z-dejc-9ba6
50
vulnerability VCID-xesd-d294-7fcx
51
vulnerability VCID-xk66-1d31-2qbk
52
vulnerability VCID-yccg-zw89-vqff
53
vulnerability VCID-zmd3-henq-r7bd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.5.0
aliases CVE-2014-3007, GHSA-8m9x-pxwq-j236, PYSEC-2014-87
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gmd5-pbxc-a3gd
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/pillow@2.5.0